PHP
Switch branches/tags
Nothing to show
Clone or download
Latest commit 9b23d3b Jun 20, 2017
Nyholm and willdurand Run travis with PHP7 (#6)
* Run travis with PHP7
* Fixed build on HHVM
* Better fix HHVM

README.md

JsonpCallbackValidator

Build Status Total Downloads Latest Stable Version

JsonpCallbackValidator allows you to validate a JSONP callback in order to prevent XSS attacks.

Usage

$validator = new \JsonpCallbackValidator();

$validator->validate('JSONP.callback');
// returns `true`

$validator->validate('(function xss(x){evil()})');
// returns `false`

Or as a static method:

\JsonpCallbackValidator::validate('JSONP.callback');
// returns `true`

\JsonpCallbackValidator::validate('(function xss(x){evil()})');
// returns `false`

Installation

The recommended way to install JsonpCallbackValidator is through Composer:

$ composer require willdurand/jsonp-callback-validator

Unit Tests

Setup the test suite using Composer:

$ composer install

Run it using PHPUnit:

$ ./vendor/bin/phpunit

Contributing

See CONTRIBUTING file.

Credits

License

JsonpCallbackValidator is released under the MIT License. See the bundled LICENSE file for details.