Added typeof check to JSONP callback

restify · Mar 17, 2015 · 1c70c8a · 1c70c8a
1 parent 69169f9
commit 1c70c8a
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 1 deletion.
diff --git a/lib/formatters/jsonp.js b/lib/formatters/jsonp.js
@@ -25,7 +25,8 @@ function formatJSONP(req, res, body) {
     var cb = req.query.callback || req.query.jsonp;
     var data;
     if (cb) {
-        data = cb + '(' + JSON.stringify(body) + ');';
+        data = 'typeof ' + cb + ' === \'function\' && ' +
+                cb + '(' + JSON.stringify(body) + ');';
     } else {
         data = JSON.stringify(body);
     }

diff --git a/test/client.test.js b/test/client.test.js
@@ -100,6 +100,7 @@ before(function (callback) {
         });
 
         SERVER.use(restify.acceptParser(['json', 'text/plain']));
+        SERVER.use(restify.jsonp()); // Added for GH-776
         SERVER.use(restify.dateParser());
         SERVER.use(restify.authorizationParser());
         SERVER.use(restify.queryParser());
@@ -195,6 +196,20 @@ test('GET json', function (t) {
     });
 });
 
+test('GH-776 GET jsonp', function (t) {
+    // Using variables here to keep lines under 80 chars
+    var jsonpUrl = '/json/jsonp?callback=testCallback';
+    var expectedResult = 'typeof testCallback === \'function\' && ' +
+                         'testCallback({"hello":"jsonp"});';
+
+    JSON_CLIENT.get(jsonpUrl, function (err, req, res) {
+        t.ifError(err);
+        t.ok(req);
+        t.ok(res);
+        t.equal(res.body, expectedResult);
+        t.end();
+    });
+});
 
 test('GH-388 GET json, but really HTML', function (t) {
     JSON_CLIENT.get('/json/boom', function (err, req, res, obj) {