mirrors/etherpad-lite
1
0
Fork 0
mirror of https://github.com/ether/etherpad-lite.git synced 2025-04-21 16:06:16 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 26

better sanitize jsonp

Browse source
This commit is contained in:
Robert Helmer 2018-01-30 12:52:19 -08:00
parent d7c93b0c0d
commit f56936c936
2 changed files with 3 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/node/hooks/express/apicalls.js
View file

@ -18,7 +18,7 @@ var apiCaller = function(req, res, fields) {
apiLogger.info("RESPONSE, " + req.params.func + ", " + response);
//is this a jsonp call, if yes, add the function call
if(req.query.jsonp)
if(req.query.jsonp && isVarName(response))
response = req.query.jsonp + "(" + response + ")";
res._____send(response);