node/node_modules/socket.io/restrict_jsonp.patch


From df51a20a9dfa620507aba62e7759dc363d2a8b16 Mon Sep 17 00:00:00 2001
From: Paul Querna <pquerna@apache.org>
Date: Tue, 17 Apr 2012 14:56:09 -0700
Subject: [PATCH 1/2] prevent arbitrary javascript being injected into jsonp
transport
---
lib/manager.js | 3 ++-
lib/transports/jsonp-polling.js | 3 ++-
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/lib/manager.js b/lib/manager.js
index d136a90..ba19d39 100644
--- a/lib/manager.js
+++ b/lib/manager.js
@@ -712,7 +712,8 @@ Manager.prototype.handleHandshake = function (data, req, res) {
};
function writeErr (status, message) {
- if (data.query.jsonp) {
+ var jpre = /^\d+$/;
+ if (data.query.jsonp && jpre.test(data.query.jsonp)) {
res.writeHead(200, { 'Content-Type': 'application/javascript' });
res.end('io.j[' + data.query.jsonp + '](new Error("' + message + '"));');
} else {
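Review bot: The callback index is now validated, but `message` on the `res.end` line is still spliced into the script body inside a double-quoted literal with no escaping, so a quote or backslash in it would terminate the string early. The call sites are outside the hunk, so this only matters if a message is ever built from request data, but serializing it the same way the handshake body is serialized in the second patch removes the question: `res.end('io.j[' + data.query.jsonp + '](new Error(' + JSON.stringify(message) + '));');`. The identical line is carried unchanged into the second patch's writeErr hunk in lib/manager.js. writeErr's body continues past the hunk.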
diff --git a/lib/transports/jsonp-polling.js b/lib/transports/jsonp-polling.js
index 83d11b8..ad7d5af 100644
--- a/lib/transports/jsonp-polling.js
+++ b/lib/transports/jsonp-polling.js
@@ -10,6 +10,7 @@
*/
var HTTPPolling = require('./http-polling');
+var jsonpolling_re = /^\d+$/
/**
* Export the constructor.
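Review bot: The added `var jsonpolling_re = /^\d+$/` has no terminating semicolon, unlike the `require` line directly above it; write `var jsonpolling_re = /^\d+$/;`. The same pattern is declared a second time in lib/manager.js by the second patch, so the transport and manager checks can drift apart; exporting it from one module, or wrapping it in a small helper such as `isValidCallbackIndex`, would keep them identical. A one-line comment on why the pattern is strict would also help, e.g. `// the index is spliced into a script body, so accept ASCII digits only`.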
@@ -29,7 +30,7 @@ function JSONPPolling (mng, data, req) {
this.head = 'io.j[0](';
this.foot = ');';
- if (data.query.i) {
+ if (data.query.i && jsonpolling_re.test(data.query.i)) {
this.head = 'io.j[' + data.query.i + '](';
}
};
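Review bot: A value of `i` that fails the digit check is silently dropped and the response is delivered to `io.j[0]`; that is the safe outcome, but nothing in the code says it is intentional, so a comment would keep a later maintainer from "restoring" the echo, e.g. `// non-numeric index: keep slot 0 rather than echo client input into the script`. As written the pattern is adequate for this use: `\d` without the `u` flag matches ASCII digits only, and `$` without `m` rejects a trailing newline. The constructor's opening lines are outside the hunk.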
--
1.7.5.4
From 48fc00662ce4d83127ba4b3cf5c209a446f04343 Mon Sep 17 00:00:00 2001
From: Paul Querna <pquerna@apache.org>
Date: Tue, 17 Apr 2012 15:45:50 -0700
Subject: [PATCH 2/2] fix another instance of the issue
---
lib/manager.js | 8 ++++----
1 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/lib/manager.js b/lib/manager.js
index ba19d39..6121662 100644
--- a/lib/manager.js
+++ b/lib/manager.js
@@ -44,7 +44,8 @@ var defaultTransports = exports.defaultTransports = [
*/
var parent = module.parent.exports
- , protocol = parent.protocol;
+ , protocol = parent.protocol
+ , jsonpolling_re = /^\d+$/;
/**
* Manager constructor.
@@ -712,8 +713,7 @@ Manager.prototype.handleHandshake = function (data, req, res) {
};
function writeErr (status, message) {
- var jpre = /^\d+$/;
- if (data.query.jsonp && jpre.test(data.query.jsonp)) {
+ if (data.query.jsonp && jsonpolling_re.test(data.query.jsonp)) {
res.writeHead(200, { 'Content-Type': 'application/javascript' });
res.end('io.j[' + data.query.jsonp + '](new Error("' + message + '"));');
} else {
@@ -752,7 +752,7 @@ Manager.prototype.handleHandshake = function (data, req, res) {
, self.transports(data).join(',')
].join(':');
- if (data.query.jsonp) {
+ if (data.query.jsonp && jsonpolling_re.test(data.query.jsonp)) {
hs = 'io.j[' + data.query.jsonp + '](' + JSON.stringify(hs) + ');';
res.writeHead(200, { 'Content-Type': 'application/javascript' });
} else {
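Review bot: When `jsonp` is present but not all digits, the new condition falls through to the else branch (outside the hunk), so a client that asked for a JSONP handshake with a malformed index receives whatever the non-JSONP branch writes instead of an explicit rejection. Rejecting before the branch keeps the two response shapes distinct and makes the discarded parameter visible, e.g. `if (data.query.jsonp && !jsonpolling_re.test(data.query.jsonp)) { return writeErr(400, 'invalid jsonp callback index'); }` — assuming writeErr's own non-JSONP branch honours `status`, which is not visible here. The same silent fallback exists in writeErr at the previous hunk.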
--
1.7.5.4