JSON CallBack类型的链接,这类出现在几乎各大Web 2.0网站中。修补这类安全问题很简单,只要在目标网页开头部分强制加一个空格即可,这样BOM头就无效了。
This commit is contained in:
parent
0fb7d4babb
commit
558738ade8
@ -158,7 +158,7 @@ func (output *BeegoOutput) Jsonp(data interface{}, hasIndent bool) error {
if callback == "" {
if callback == "" {
return errors.New(`"callback" parameter required`)
return errors.New(`"callback" parameter required`)
}
}
callback_content := bytes.NewBufferString(template.JSEscapeString(callback))
callback_content := bytes.NewBufferString(" " + template.JSEscapeString(callback))
callback_content.WriteString("(")
callback_content.WriteString("(")
callback_content.Write(content)
callback_content.Write(content)
callback_content.WriteString(");\r\n")
callback_content.WriteString(");\r\n")
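Review bot: The prepended space on the new `bytes.NewBufferString(" " + template.JSEscapeString(callback))` line breaks a leading magic-byte sequence in the response, but it does not constrain what `callback` may contain: as far as I recall `template.JSEscapeString` is meant for JavaScript string-literal contexts and leaves characters such as `(`, `)`, `;` and `.` untouched, so the escaped value is still emitted as bare JavaScript code. The conventional hardening is to validate the callback against an identifier pattern before escaping, e.g. a package-level `var jsonpCallbackRe = regexp.MustCompile("^[A-Za-z_$][A-Za-z0-9_$.]*$")` and `if !jsonpCallbackRe.MatchString(callback) { return errors.New("invalid callback") }` next to the existing empty-string check. Consider `/**/` instead of a single space, since it is the prefix commonly recommended for this mitigation and is equally ignored by the script parser; the Content-Type this handler sets is outside the hunk, so I cannot tell whether `X-Content-Type-Options: nosniff` is applied alongside it. The body of `Jsonp` begins before this hunk and continues after it.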