JSON CallBack类型的链接,这类出现在几乎各大Web 2.0网站中。修补这类安全问题很简单,只要在目标网页开头部分强制加一个空格即可,这样BOM头就无效了。
parent
0fb7d4babb
commit
558738ade8
@ -158,7 +158,7 @@ func (output *BeegoOutput) Jsonp(data interface{}, hasIndent bool) error {
|
||||
if callback == "" {
|
||||
return errors.New(`"callback" parameter required`)
|
||||
}
|
||||
callback_content := bytes.NewBufferString(template.JSEscapeString(callback))
|
||||
callback_content := bytes.NewBufferString(" " + template.JSEscapeString(callback))
|
||||
callback_content.WriteString("(")
|
||||
callback_content.Write(content)
|
||||
callback_content.WriteString(");\r\n")
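Review bot: The leading space only stops the response from beginning with caller-chosen bytes; on the changed line `bytes.NewBufferString(" " + template.JSEscapeString(callback))` the callback is still written out as script code, and `template.JSEscapeString` is an escaper for string-literal context, so it does not restrict the value to an identifier. I would reject anything that is not a plain dotted identifier before building the buffer, e.g. `if !validCallback.MatchString(callback) { return errors.New("invalid callback name") }`, where `validCallback` (a name constructed for this note) is a package-level regexp such as `^[A-Za-z_$][A-Za-z0-9_$.]*$`. The hunk does not show where response headers are set, so it is worth confirming that the reply carries an explicit charset in Content-Type and `X-Content-Type-Options: nosniff`, which addresses the encoding-sniffing problem in the commit message more directly than a padding byte. A short comment on the changed line saying why the space is there would keep it from being removed later as a stray character; Jsonp's body starts and ends outside this hunk.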
|
||||
|