libre-service.eu/pad.libre-service.eu-etherpad
libre-service.eu/pad.libre-service.eu-etherpad
1
0
Fork 0
mirror of https://github.com/ether/etherpad-lite.git synced 2025-02-01 03:12:42 +01:00
Code Issues Projects Releases Wiki Activity

Merge pull request #3314 from rhelmer/sanitize-jsonp

Browse source 
better sanitize jsonp
This commit is contained in:
John McLear 2018-01-31 08:25:43 +00:00 committed by GitHub
commit 626e58cc5a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 3 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/node/hooks/express/apicalls.js
View file

@ -18,7 +18,7 @@ var apiCaller = function(req, res, fields) {
apiLogger.info("RESPONSE, " + req.params.func + ", " + response); apiLogger.info("RESPONSE, " + req.params.func + ", " + response);
//is this a jsonp call, if yes, add the function call //is this a jsonp call, if yes, add the function call
if(req.query.jsonp) if(req.query.jsonp && isVarName(response))
response = req.query.jsonp + "(" + response + ")"; response = req.query.jsonp + "(" + response + ")";
res._____send(response); res._____send(response);

3
src/package.json
View file

@ -43,7 +43,8 @@
"jsonminify" : "0.4.1", "jsonminify" : "0.4.1",
"measured" : "1.1.0", "measured" : "1.1.0",
"mocha" : "2.4.5", "mocha" : "2.4.5",
"supertest" : "1.2.0" "supertest" : "1.2.0",
"is-var-name" : "1.0.0"
}, },
"bin": { "etherpad-lite": "./node/server.js" }, "bin": { "etherpad-lite": "./node/server.js" },
"devDependencies": { "devDependencies": {