bugfix: the callback argument value parser did not accept JS identifi…

…er names started with underscores. thanks Sam Mulube.
openresty · Nov 4, 2011 · 769ce1c · 769ce1c
1 parent fb5ea7e
commit 769ce1c
Show file tree

Hide file tree

Showing 4 changed files with 25 additions and 4 deletions.
diff --git a/.gitignore b/.gitignore
@@ -52,3 +52,4 @@ src/util.c
 src/util.rl
 all
 t/servroot/
+buildroot/
diff --git a/src/ngx_http_xss_util.c b/src/ngx_http_xss_util.c
@@ -40,8 +40,10 @@ ngx_int_t ngx_http_xss_test_callback(char *data, size_t len)
 	if ( ++p == pe )
 		goto _test_eof1;
 case 1:
-	if ( (*p) == 36 )
-		goto st6;
+	switch( (*p) ) {
+		case 36: goto st6;
+		case 95: goto st6;
+	}
 	if ( (*p) > 90 ) {
 		if ( 97 <= (*p) && (*p) <= 122 )
 			goto st6;
@@ -128,7 +130,7 @@ case 5:
 
 
     if (cs < 
-#line 132 "src/ngx_http_xss_util.c"
+#line 134 "src/ngx_http_xss_util.c"
 6
 #line 29 "src/ngx_http_xss_util.rl"
  || p != pe) {

diff --git a/src/ngx_http_xss_util.rl b/src/ngx_http_xss_util.rl
@@ -13,7 +13,7 @@ ngx_int_t ngx_http_xss_test_callback(char *data, size_t len)
     int cs;
 
     %%{
-        identifier = [$A-Za-z] [$A-Za-z0-9_]*;
+        identifier = [$A-Za-z_] [$A-Za-z0-9_]*;
 
         index = [0-9]* '.' [0-9]+
               | [0-9]+

diff --git a/t/sanity.t b/t/sanity.t
@@ -261,3 +261,21 @@ blah(hello);
 --- response_headers
 Content-Type: application/x-javascript
 
+
+=== TEST 4: bug: keys started by underscore
+--- config
+    location /foo {
+        default_type 'application/json';
+        xss_get on;
+        xss_callback_arg _callback;
+        echo '[]';
+    }
+--- request
+GET /foo?_callback=foo._bar
+--- response_headers_like
+Content-Type: application/x-javascript
+--- response_body chop
+foo._bar([]
+);
+
+