Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

ForeverFrame transport does not handle embedded </script> tags properly #413

Closed
drub0y opened this Issue May 23, 2012 · 0 comments

Comments

Projects
None yet
2 participants
Contributor

drub0y commented May 23, 2012

The ForeverFrame transport emits JSON surrounded by <script> elements. When the JSON being emitted contains a string with a value of "</script>" inside it this will be parsed by the browser as the closing script tag and thus result in an unterminated JSON string when the script is actually interpreted by the browser.

We need to detect and escape any "</script>" tags in the messages with "</\"+\"script>" so that the browser will not see it as a closing element.

@davidfowl davidfowl closed this in a9beb7c Jun 12, 2012

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment