
Merge pull request #60 from ferd/master

Better escaping
commit bc58dfb2966438186ce96fe3ba9795ae8ec70ded 2 parents 42d1a75 + 9433433
@ferd ferd authored
9 src/socketio_transport_polling.erl
@@ -297,7 +297,7 @@ send_message(Message, Req, Index, ServerModule, Sup) ->
send_message_1(Headers, Message, Req, Index, ServerModule) ->
Headers0 = [{"Content-Type", "text/javascript; charset=UTF-8"}|Headers],
Message0 = unicode:characters_to_list(jsx:format(jsx:term_to_json(list_to_binary(Message), [{strict, false}]))),
- Message1 = "io.JSONP["++Index++"]._(" ++ Message0 ++ ");",
+ Message1 = "io.JSONP["++Index++"]._(\"" ++ escape(tl(Message0)) ++ ");",
apply(ServerModule, respond, [Req, 200, Headers0, Message1]).
cors_headers(Headers, Sup) ->
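Review bot: `Index` is still concatenated into the script body unescaped on the new `Message1` line, while only the message payload goes through `escape/1`. Where `Index` comes from is not visible in this hunk; if it is taken from the request, anything other than digits would be emitted as JavaScript in a `text/javascript` response. A guard before the concatenation would close that, for example `true = lists:all(fun(C) -> C >= $0 andalso C =< $9 end, Index),`. `tl(Message0)` also assumes the jsx output starts with the opening quote, which deserves a one-line comment next to the call.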
@@ -325,3 +325,10 @@ reset_duration({TimerRef, Time}) ->
erlang:cancel_timer(TimerRef),
NewRef = erlang:start_timer(Time, self(), polling),
{NewRef, Time}.
+
+%% THis should deal with only one level of depth -- the rest is assumed to
+%% have been escaped correctly by jsx.
+escape([$"]) -> [$"];
+escape([$"|Rest]) -> [$\\, $" | escape(Rest)];
+escape([$\\|Rest]) -> [$\\,$\\ | escape(Rest)];
+escape([CodePoint|Rest]) -> [CodePoint | escape(Rest)].
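Review bot: `escape/1` rewrites only `"` and `\`, so U+2028 and U+2029 pass through the catch-all clause unchanged. Both are legal raw in a JSON string but end the line inside a JavaScript string literal on engines older than ES2019, and whether jsx escapes them under `{strict, false}` is not visible here. Two clauses ahead of the catch-all would cover it: `escape([16#2028|Rest]) -> "\\u2028" ++ escape(Rest);` and `escape([16#2029|Rest]) -> "\\u2029" ++ escape(Rest);`. There is also no `[]` clause, so input that does not end in the closing quote fails with `function_clause`; the comment should state that precondition. The commit adds no test for the escaping, and a case with a payload containing `"`, `\` and U+2028 would pin the behaviour.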
2  test/socketio_transport_tests.erl
@@ -47,7 +47,7 @@ transport_tests(Browser, Transport) ->
ets:insert(socketio_tests, {transport, Transport}),
error_logger:delete_report_handler(error_logger_tty_h), %% suppress annoying kernel logger
application:start(misultin),
- application:start(socketio),
+ application:start(socketio),
{ok, Pid} = socketio_listener:start([{http_port, 8989},
{default_http_handler, ?MODULE}]),
EventMgr = socketio_listener:event_manager(Pid),