JSONP callback method should be validated as valid JS identifier #1444

Closed
DamianEdwards opened this Issue Jan 29, 2013 · 5 comments

Projects

None yet

3 participants

@DamianEdwards
Member

The JSONP callback method should be validated to ensure it is actually a JS method name (identifier). See http://stackoverflow.com/questions/2777021/do-i-need-to-sanitize-the-callback-parameter-from-a-jsonp-call

@Xiaohongt
Member

the connection negotiate request with jsonp callback return 403 e.g. signalr/negotiate?callback=jQuery1640904470823616872_1359671098514&_=1359671098586

@Xiaohongt
Member

the connection negotiate request with jsonp callback return 403 is different issue, not related to this

@Xiaohongt
Member

@DamianEdwards , in _jsKeywords, for "hrow", do you mean "throw"?

@davidfowl
Member

@Xiaohongt that's not an issue you need to EnableCrossDomain for JSONP to work.

@Xiaohongt
Member

verified

@Xiaohongt Xiaohongt closed this Feb 1, 2013
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment