[wp-trac] [WordPress Trac] #28523: wp_send_json to allow for JSONP
WordPress Trac
noreply at wordpress.org
Mon Jun 6 21:33:32 UTC 2016
#28523: wp_send_json to allow for JSONP
---------------------------------------------+-------------------------
 Reporter:  sc0ttkclark                      |       Owner:  rmccue
     Type:  enhancement                      |      Status:  closed
 Priority:  normal                           |   Milestone:  4.6
Component:  REST API                         |     Version:  3.5
 Severity:  normal                           |  Resolution:  fixed
 Keywords:  has-patch has-unit-tests commit  |     Focuses:  javascript
---------------------------------------------+-------------------------
Changes (by rachelbaker):
* status: assigned => closed
* resolution: => fixed
Comment:
In [changeset:"37646"]:
{{{
#!CommitTicketReference repository="" revision="37646"
REST API: Create the general `wp_check_jsonp_callback()` function for
validating JSONP callback functions.

Move the REST API JSONP callback validation check into a separate function
named `wp_check_jsonp_callback()`. This allows plugins to use the built-in
validation when handling JSONP callbacks.

Extremely Important Note: If you send JSONP in your custom response, make
sure you prefix the response with `/**/`. This will mitigate the Rosetta
Flash exploit. You should also send the `X-Content-Type-Options:nosniff`
header, or even better, use the REST API infrastructure.

Props rmccue.
Fixes #28523.
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/28523#comment:29>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
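
The guidance in the commit message above, as an added example (not code from the changeset or from WordPress core): a plugin AJAX handler that validates the callback with `wp_check_jsonp_callback()`, sends `X-Content-Type-Options: nosniff`, and prefixes the JSONP body with `/**/`. The action name `example_jsonp`, the function name `example_send_jsonp` and the payload are hypothetical.

```php
<?php
// Added example: hypothetical plugin endpoint served through admin-ajax.php.
// The action name, function name and payload are assumptions for illustration.
add_action( 'wp_ajax_example_jsonp', 'example_send_jsonp' );
add_action( 'wp_ajax_nopriv_example_jsonp', 'example_send_jsonp' );

function example_send_jsonp() {
	$data = array( 'status' => 'ok' ); // Constructed sample payload.

	// Tell the browser not to reinterpret the body as another content type.
	header( 'X-Content-Type-Options: nosniff' );

	if ( ! isset( $_GET['callback'] ) ) {
		// No callback requested: answer with plain JSON (wp_send_json() exits).
		wp_send_json( $data );
	}

	$callback = wp_unslash( $_GET['callback'] );

	// wp_check_jsonp_callback() returns false for non-strings and for any
	// callback containing characters other than word characters and dots.
	if ( ! wp_check_jsonp_callback( $callback ) ) {
		status_header( 400 );
		header( 'Content-Type: text/plain; charset=' . get_option( 'blog_charset' ) );
		echo 'Invalid JSONP callback.';
		exit;
	}

	header( 'Content-Type: application/javascript; charset=' . get_option( 'blog_charset' ) );

	// The leading /**/ ensures the request-supplied callback name is never
	// the first bytes of the response, which is the Rosetta Flash mitigation
	// the commit message calls for.
	echo '/**/' . $callback . '(' . wp_json_encode( $data ) . ');';
	exit;
}
```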