[wp-trac] [WordPress Trac] #28523: wp_send_json to allow for JSONP

WordPress Trac noreply at wordpress.org
Mon Jun 6 21:33:32 UTC 2016


#28523: wp_send_json to allow for JSONP
---------------------------------------------+-------------------------
 Reporter:  sc0ttkclark                      |       Owner:  rmccue
     Type:  enhancement                      |      Status:  closed
 Priority:  normal                           |   Milestone:  4.6
Component:  REST API                         |     Version:  3.5
 Severity:  normal                           |  Resolution:  fixed
 Keywords:  has-patch has-unit-tests commit  |     Focuses:  javascript
---------------------------------------------+-------------------------
Changes (by rachelbaker):

 * status:  assigned => closed
 * resolution:   => fixed


Comment:

 In [changeset:"37646"]:
 {{{
 #!CommitTicketReference repository="" revision="37646"
 REST API: Create the general `wp_check_jsonp_callback()` function for
 validating JSONP callback functions.

 Move the REST API JSONP callback validation check into a separate function
 named `wp_check_jsonp_callback()`. This allows plugins to use the built-in
 validation when handling JSONP callbacks.
 Extremely Important Note: If you send JSONP in your custom response, make
 sure you prefix the response with `/**/`. This will mitigate the Rosetta
 Flash exploit. You should also send the `X-Content-Type-Options:nosniff`
 header, or even better, use the REST API infrastructure.

 Props rmccue.
 Fixes #28523.
 }}}

--
Ticket URL: <https://core.trac.wordpress.org/ticket/28523#comment:29>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
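
The checklist in the commit message above (validate the callback, prefix the body with `/**/`, send `nosniff`), as an added example for a plugin that emits JSONP outside the REST API. This is not code from the changeset or from WordPress core; the `myplugin_status` action, the `myplugin_*` functions and the `callback` query parameter are hypothetical names.

```php
<?php
// Added example: hypothetical plugin code, not part of WordPress core.
// 'myplugin_status', myplugin_*() and the 'callback' parameter are assumed names.

add_action( 'wp_ajax_myplugin_status', 'myplugin_handle_status' );
add_action( 'wp_ajax_nopriv_myplugin_status', 'myplugin_handle_status' );

function myplugin_handle_status() {
	myplugin_send_jsonp( array( 'ok' => true ) );
}

function myplugin_send_jsonp( $data ) {
	$callback = isset( $_GET['callback'] ) ? wp_unslash( $_GET['callback'] ) : null;

	// Tell the browser not to MIME-sniff the response into another type.
	header( 'X-Content-Type-Options: nosniff' );

	if ( null === $callback ) {
		wp_send_json( $data ); // No callback requested: plain JSON, then exit.
	}

	// Core's check rejects non-strings and anything outside word characters and dots.
	if ( ! wp_check_jsonp_callback( $callback ) ) {
		status_header( 400 );
		header( 'Content-Type: text/plain; charset=utf-8' );
		echo 'Invalid JSONP callback.';
		exit;
	}

	$json = wp_json_encode( $data );
	if ( false === $json ) {
		status_header( 500 );
		exit;
	}

	header( 'Content-Type: application/javascript; charset=' . get_option( 'blog_charset' ) );

	// The /**/ prefix keeps the request-controlled callback name from being
	// the first bytes of the body (the Rosetta Flash mitigation named above).
	echo '/**/' . $callback . '(' . $json . ');';
	exit;
}
```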

