Tornado 6.0 fixes, fixed XSS, new version

setup.py

@@ -28,7 +28,7 @@ def desc():
 
 distutils.core.setup(
     name='sockjs-tornado',
-    version='1.0.6',
+    version='1.0.7',
     author='Serge S. Koval',
     author_email='serge.koval@gmail.com',
     packages=['sockjs', 'sockjs.tornado', 'sockjs.tornado.transports'],
@@ -50,6 +50,6 @@ def desc():
     ],
     requires=['tornado'],
     install_requires=[
-        'tornado >= 2.1.1'
+        'tornado >= 4.0.0'
     ]
 )

sockjs/tornado/transports/eventsource.py

@@ -44,7 +44,7 @@ def send_pack(self, message, binary=False):
             self.notify_sent(len(msg))
 
             self.write(msg)
-            self.flush(callback=self.send_complete)
+            self.flush().add_done_callback(self.send_complete)
         except IOError:
             # If connection dropped, make sure we close offending session instead
             # of propagating error all way up.

sockjs/tornado/transports/htmlfile.py

@@ -6,10 +6,11 @@
     HtmlFile transport implementation.
 """
 
-from sockjs.tornado.util import asynchronous
+import re
 
 from sockjs.tornado import proto
 from sockjs.tornado.transports import streamingbase
+from sockjs.tornado.util import asynchronous
 
 try:
     # Python 3.4+
@@ -18,6 +19,9 @@
     from cgi import escape
 
 
+RE = re.compile('[\W_]+')
+
+
 # HTMLFILE template
 HTMLFILE_HEAD = r'''
 <!doctype html>
@@ -60,7 +64,7 @@ def get(self, session_id):
             return
 
         # TODO: Fix me - use parameter
-        self.write(HTMLFILE_HEAD % escape(callback))
+        self.write(HTMLFILE_HEAD % escape(RE.sub('', callback)))
         self.flush()
 
         # Now try to attach to session
@@ -85,7 +89,7 @@ def send_pack(self, message, binary=False):
             self.notify_sent(len(message))
 
             self.write(msg)
-            self.flush(callback=self.send_complete)
+            self.flush().add_done_callback(self.send_complete)
         except IOError:
             # If connection dropped, make sure we close offending session instead
             # of propagating error all way up.

sockjs/tornado/transports/jsonp.py

@@ -62,11 +62,7 @@ def send_pack(self, message, binary=False):
             self.set_header('Etag', 'dummy')
 
             self.write(msg)
-            try:
-                self.flush(callback=self.send_complete)
-            except:
-                ft = self.flush()
-                ft.add_done_callback(self.send_complete)
+            self.flush().add_done_callback(self.send_complete)
         except IOError:
             # If connection dropped, make sure we close offending session instead
             # of propagating error all way up.

sockjs/tornado/transports/pollingbase.py

@@ -64,7 +64,7 @@ def on_connection_close(self):
 
         super(PollingTransportBase, self).on_connection_close()
 
-    def send_complete(self):
+    def send_complete(self, f=None):
         self._detach()
 
         # Avoid race condition when waiting for write callback and session getting closed in between

sockjs/tornado/transports/rawwebsocket.py

@@ -38,7 +38,8 @@ def open(self):
 
         # Disable nagle if needed
         if self.server.settings['disable_nagle']:
-            self.stream.socket.setsockopt(socket.SOL_TCP, socket.TCP_NODELAY, 1)
+            #self.stream.socket.setsockopt(socket.SOL_TCP, socket.TCP_NODELAY, 1)
+            self.set_nodelay(True)
 
         # Create and attach to session
         self.session = RawSession(self.server.get_connection_class(), self.server)

sockjs/tornado/transports/streamingbase.py

@@ -30,7 +30,7 @@ def should_finish(self):
 
         return False
 
-    def send_complete(self):
+    def send_complete(self, f=None):
         """
             Verify if connection should be closed based on amount of data that was sent.
         """

sockjs/tornado/transports/xhr.py

@@ -49,7 +49,7 @@ def send_pack(self, message, binary=False):
             self.set_header('Content-Type', 'application/javascript; charset=UTF-8')
             self.set_header('Content-Length', len(message) + 1)
             self.write(message + '\n')
-            self.flush(callback=self.send_complete)
+            self.flush().add_done_callback(self.send_complete)
         except IOError:
             # If connection dropped, make sure we close offending session instead
             # of propagating error all way up.

sockjs/tornado/transports/xhrstreaming.py

@@ -43,11 +43,7 @@ def send_pack(self, message, binary=False):
             self.notify_sent(len(message))
 
             self.write(message + '\n')
-            try:
-                self.flush(callback=self.send_complete)
-            except:
-                ft = self.flush()
-                ft.add_done_callback(self.send_complete)
+            self.flush().add_done_callback(self.send_complete)
         except IOError:
             # If connection dropped, make sure we close offending session instead
             # of propagating error all way up.