REST API: Create the general wp_check_jsonp_callback() function for validating JSONP callback functions.
Move the REST API JSONP callback validation check into a separate function named `wp_check_jsonp_callback()`. This allows plugins to use the built-in validation when handling JSONP callbacks. Extremely Important Note: If you send JSONP in your custom response, make sure you prefix the response with `/**/`. This will mitigate the Rosetta Flash exploit. You should also send the `X-Content-Type-Options:nosniff` header, or even better, use the REST API infrastructure. Props rmccue. Fixes #28523. git-svn-id: https://develop.svn.wordpress.org/trunk@37646 602fd350-edb4-49c9-b593-d223f7449a82
@@ -322,4 +322,29 @@ class Tests_REST_API extends WP_UnitTestCase {
|
||||
|
||||
}
|
||||
|
||||
public function jsonp_callback_provider() {
|
||||
return array(
|
||||
// Standard names
|
||||
array( 'Springfield', true ),
|
||||
array( 'shelby.ville', true ),
|
||||
array( 'cypress_creek', true ),
|
||||
array( 'KampKrusty1', true ),
|
||||
|
||||
// Invalid names
|
||||
array( 'ogden-ville', false ),
|
||||
array( 'north haverbrook', false ),
|
||||
array( "Terror['Lake']", false ),
|
||||
array( 'Cape[Feare]', false ),
|
||||
array( '"NewHorrorfield"', false ),
|
||||
array( 'Scream\\ville', false ),
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @dataProvider jsonp_callback_provider
|
||||
*/
|
||||
public function test_jsonp_callback_check( $callback, $valid ) {
|
||||
$this->assertEquals( $valid, wp_check_jsonp_callback( $callback ) );
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
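Review bot: `test_jsonp_callback_check` compares with `assertEquals`, which is a loose comparison, so a validator that returned `1`, `0` or `null` instead of a boolean would still pass; `$this->assertSame( $valid, wp_check_jsonp_callback( $callback ) );` pins the boolean contract that code gating JSONP output relies on. The "Invalid names" rows in `jsonp_callback_provider` cover hyphen, space, brackets, quotes and backslash but no non-string value, although a request parameter can arrive as an array. A row such as `array( array( 'Springfield' ), false ),` would pin that case, assuming the function is meant to reject it; its body is not part of this hunk. The enclosing class `Tests_REST_API` starts outside the hunk.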