
Revert "removed jsonp stripping"

This reverts commit 0ae18bc.
1 parent fc60dfc commit 60d16eab777938eeddb0468eb444607ee22ad388 @tj tj committed Jul 7, 2011
Showing with 19 additions and 1 deletion.
  1. +1 −1 lib/response.js
  2. +18 −0 test/response.test.js
@@ -135,7 +135,7 @@ res.json = function(obj, headers, status){
if (callback && jsonp) {
this.header('Content-Type', 'text/javascript');
- body = callback + '(' + body + ');';
+ body = callback.replace(/[^\w$.]/g, '') + '(' + body + ');';
}
return this.send(body, headers, status);
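Review bot: The `callback && jsonp` guard runs before the strip on the added line, so a callback made up only of rejected characters passes the guard, is reduced to an empty string, and the response goes out as `({...});` under `text/javascript` instead of as plain JSON. `.replace` is also called without a type check; if the query parser returns an array or object for a repeated or bracketed `callback` parameter, the call throws (the assignment of `callback` is outside the hunk, so this is inferred). I would sanitise first and branch on the result: `var cb = typeof callback === 'string' ? callback.replace(/[^\w$.]/g, '') : '';`, then `if (cb && jsonp) {` and `body = cb + '(' + body + ');';`. A short comment above the regex saying it is an allow-list of identifier characters plus `.` would also help, since this line has already been removed once. res.json starts and ends outside the hunk.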
@@ -213,6 +213,15 @@ module.exports = {
'Content-Type': 'text/javascript; charset=utf-8'
, 'X-Foo': 'baz'
}});
+
+ assert.response(app,
+ { url: '/jsonp?callback=invalid()[]' },
+ { body: 'invalid({"foo":"bar"});'
+ , status: 201
+ , headers: {
+ 'Content-Type': 'text/javascript; charset=utf-8'
+ , 'X-Foo': 'baz'
+ }});
},
'test #json() JSONP': function(){
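Review bot: The added assertion pins a single input, `invalid()[]`, and the same block is repeated verbatim in the next hunk (under 'test #json() JSONP'), so neither place covers the edges of the filter. Cases worth adding in both: a callback that is empty after stripping (for example `callback=()`), a name using the characters the filter keeps (`$` and `.`, such as `foo.bar`), and a repeated `callback` parameter. A one-line comment above each assertion, e.g. `// characters outside [\w$.] are stripped from the callback name`, would say what the expected body demonstrates. Both enclosing test functions begin outside their hunks.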
@@ -241,6 +250,15 @@ module.exports = {
'Content-Type': 'text/javascript; charset=utf-8'
, 'X-Foo': 'baz'
}});
+
+ assert.response(app,
+ { url: '/jsonp?callback=invalid()[]' },
+ { body: 'invalid({"foo":"bar"});'
+ , status: 201
+ , headers: {
+ 'Content-Type': 'text/javascript; charset=utf-8'
+ , 'X-Foo': 'baz'
+ }});
},
'test #contentType()': function(){
