add basic validation of callback name
parent
266f76d963
commit
601b87ca01
@ -56,6 +56,14 @@ class JsonResponse extends Response
|
||||
*/
|
||||
public function setCallback($callback = null)
|
||||
{
|
||||
if ($callback) {
|
||||
// taken from http://www.geekality.net/2011/08/03/valid-javascript-identifier/
|
||||
$pattern = '/^[$_\p{L}][$_\p{L}\p{Mn}\p{Mc}\p{Nd}\p{Pc}\x{200C}\x{200D}]*+$/u';
|
||||
if (!preg_match($pattern, $callback)) {
|
||||
throw new \InvalidArgumentException('The callback name is not valid.');
|
||||
}
|
||||
}
|
||||
|
||||
$this->callback = $callback;
|
||||
|
||||
return $this->update();
|
||||
|
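Review bot: The `$` anchor in `$pattern` also matches just before a final newline, so a callback name ending in a line feed still passes the `preg_match` check in `setCallback`; ending the pattern with `\z/u` instead of `$/u` (or adding the `D` modifier) closes that gap. The outer guard `if ($callback)` is a truthiness test, so the string `'0'` skips validation entirely; `if (null !== $callback)` would validate every non-null value. When `preg_match` returns false on malformed UTF-8 under the `u` flag, the `!` turns that into the exception. Failing closed is the right direction for a value that is emitted in front of the JSON body with a `text/javascript` content type. The method's closing brace lies outside the hunk.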
@ -104,4 +104,12 @@ class JsonResponseTest extends \PHPUnit_Framework_TestCase
|
||||
$this->assertEquals('callback({"foo":"bar"});', $response->getContent());
|
||||
$this->assertEquals('text/javascript', $response->headers->get('Content-Type'));
|
||||
}
|
||||
|
||||
public function testSetCallbackInvalidIdentifier()
|
||||
{
|
||||
$response = new JsonResponse('foo');
|
||||
|
||||
$this->setExpectedException('InvalidArgumentException');
|
||||
$response->setCallback('+invalid');
|
||||
}
|
||||
}
|
||||
|
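Review bot: `testSetCallbackInvalidIdentifier` exercises a single rejected value, `'+invalid'`, so the edges of the pattern are untested. A data provider would pin down the contract. Rejected cases could include a name containing parentheses or a dot, and a name ending in a newline, which the `$` anchor in the pattern would currently let through. Accepted cases could include `_cb`, `$cb` and a name starting with a non-ASCII letter. The class's earlier tests start outside the hunk.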