JsonResponse setCallback throws InvalidArgumentException on valid callback #17923
Comments
|
Edit: Never mind, i missed the part where you mentioned it in the description. |
|
See https://github.com/willdurand/JsonpCallbackValidator for the implementation of the proper validation to accept valid callbacks |
|
I'm requesting mywebsite.com/function?callback=L.OWM.Utils.callbacks[9]. My function does this (cut a lot of crap on the ....) But it's giving me an InvalidArgumentException on the part callbacks[9] in the setCallback(). Is this example enough? |
fabpot
added a commit
that referenced
this issue
Oct 5, 2016
This PR was submitted for the master branch but it was merged into the 2.7 branch instead (closes #20127). Discussion ---------- [HttpFoundation] JSONP callback validation | Q | A | ------------- | --- | Branch? | "master" | Bug fix? | yes | New feature? | yes | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #17923 | License | MIT | Doc PR | reference to the documentation PR, if any Maybe this is too small for a new dep, but at least it's stable. Symfony itself will make no assumption on validation by default, ie. things should keep working as usual. Commits ------- 1159f8b [HttpFoundation] JSONP callback validation
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Using Symfony 3.0, trying to set a callback on a JsonResponse fails for the following callback: Utils.callbacks[1].
The pattern in setCallback
^[$_\p{L}] $_\p{L}\p{Mn}\p{Mc}\p{Nd}\p{Pc}\x{200C}\x{200D}]*+$/ufails on anything containing brackets while this could be a valid callback.This works for me
^[$_\p{L}][$_\p{L}\p{Mn}\p{Mc}\p{Nd}\p{Pc}\.]*+(\x{5b}\S+\x{5d})*$. This allows callbacks like foo.bar[1] but not foo.bar[].The text was updated successfully, but these errors were encountered: