Changeset 11057

Timestamp:

10/22/07 14:53:01 (15 months ago)

Author:

peller

Message:

Fix regexp for json comment filtering to accept multilines. Fixes #4829

Files:

• dojo/trunk/_base/xhr.js (modified) (2 diffs)

dojo/trunk/_base/xhr.js

@@ -209 +209 @@
         "json": function(xhr){
                 if(!djConfig.usePlainJson){
-                        console.debug("consider using a mimetype of text/json-comment-filtered"
+                        console.debug("Consider using mimetype:text/json-comment-filtered"
                                 + " to avoid potential security issues with JSON endpoints"
                                 + " (use djConfig.usePlainJson=true to turn off this message)");
@@ -219 +219 @@
                 // the "JavaScript Hijacking" issue noted by Fortify and others. It is
                 // not appropriate for all circumstances.
-                var match = xhr.responseText.match(/\/\*(.*)\*\//);
+
+                //FIXME: is this precise enough?  This might do a partial match on the multiline string.
+                var match = xhr.responseText.match(/\/\*([\s\S]*)\*\//m);
                 if(!match){
-                        throw new Error("your JSON wasn't comment filtered!");
+                        throw new Error("JSON was not comment filtered");
                 }
                 return dojo.fromJson(match[1]);