

Fix edge cases
willdurand committed Oct 21, 2013
1 parent a64e2d3 commit 76e13fc
Showing 2 changed files with 9 additions and 2 deletions.
4 changes: 3 additions & 1 deletion src/JsonpCallbackValidator.php
@@ -8,6 +8,8 @@
*/
class JsonpCallbackValidator
{
private $regexp = '/^[a-zA-Z_$][0-9a-zA-Z_$]*(?:\[(?:"(?:\\\.|[^"\\\])*"|\'(?:\\\.|[^\'\\\])*\'|\d+)\])*?$/';

private $reservedKeywords = array(
'break',
'do',
@@ -63,7 +65,7 @@ class JsonpCallbackValidator
public function validate($callback)
{
foreach (explode('.', $callback) as $identifier) {
if (!preg_match('/^[a-zA-Z_$][0-9a-zA-Z_$]*(?:\[(?:".+"|\'.+\'|\d+)\])*?$/', $identifier)) {
if (!preg_match($this->regexp, $identifier)) {
return false;
}

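Review bot: The new `$regexp` still ends in `$` without the `D` modifier, so PCRE lets it match just before a trailing newline, and the negated classes `[^"\\\]` and `[^\'\\\]` accept any byte inside a quoted key, line terminators and other control characters included. A callback that ends in a line feed, or carries one inside a bracketed string, would therefore pass the `preg_match($this->regexp, $identifier)` check in validate() and, assuming the caller echoes an accepted callback, end up in the JSONP response unchanged. Ending the pattern with `\z/` instead of `$/` and excluding control characters from the two negated classes would make the accepted set match the intended grammar. validate() continues past the end of this section, so any later check (for example against `$reservedKeywords`) is not visible here.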
7 changes: 6 additions & 1 deletion tests/JsonpCallbackValidatorTest.php
@@ -37,7 +37,7 @@ public static function dataProviderForTestValidate()
array('array_of_functions["key"]', self::IS_VALID),
array('_function', self::IS_VALID),
array('petersCallback1412331422[12]', self::IS_VALID),
array('(function xss(x){evil()})', self::IS_INVALID),
array('(function xss(x) {evil()})', self::IS_INVALID),
array('', self::IS_INVALID),
array('alert()', self::IS_INVALID),
array('test()', self::IS_INVALID),
@@ -54,6 +54,9 @@ public static function dataProviderForTestValidate()
array('array_of_functions["k"ey"]', self::IS_INVALID),
array('array_of_functions["k\"ey"]', self::IS_VALID),
array('array_of_functions["k""y"]', self::IS_INVALID),
array('array_of_functions["""y"]', self::IS_INVALID),
array('array_of_functions[""""]', self::IS_INVALID),
array('array_of_functions["\""]', self::IS_VALID),
array('array_of_functions["k\"e\""]', self::IS_VALID),
array('array_of_functions["k\'ey"]', self::IS_VALID),
array("array_of_functions['k'ey']", self::IS_INVALID),
@@ -62,6 +65,8 @@ public static function dataProviderForTestValidate()
array("array_of_functions['\'key']", self::IS_VALID),
array("array_of_functions['key\'']", self::IS_VALID),
array("array_of_functions['k'ey'']", self::IS_INVALID),
array("array_of_functions[''']", self::IS_INVALID),
array("array_of_functions['\'']", self::IS_VALID),
);
}
}
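Review bot: None of the rows visible in dataProviderForTestValidate() covers line terminators, so nothing pins how the validator treats a callback that ends in a newline or has one inside a quoted key. Rows such as `array("callback\n", self::IS_INVALID),` and `array("array_of_functions[\"k\ney\"]", self::IS_INVALID),` would document the intended result and guard against regressions in the pattern's anchoring. The two spellings of the `(function xss(x)…)` row differ only by a space and one replaces the other; keeping both as separate rows would cover both forms. The provider starts above the visible hunks, so rows outside this view may already cover some of this.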
