MCPcopy Index your code
hub / github.com/tinyhttp/tinyhttp / jsonp

Function jsonp

packages/jsonp/src/index.ts:42–73  ·  view source on GitHub ↗
(req: Request, res: Response)

Source from the content-addressed store, hash-verified

40 * @param app App
41 */
42export const jsonp = (req: Request, res: Response) => (obj: unknown, opts: JSONPOptions = {}) => {
43 const val = obj
44
45 const { escape, replacer, spaces, callbackName = 'callback' } = opts
46
47 let body = stringify(val, replacer, spaces, escape)
48
49 let callback = req.query[callbackName]
50
51 if (!res.get('Content-Type')) {
52 res.set('X-Content-Type-Options', 'nosniff')
53 res.set('Content-Type', 'application/json')
54 }
55
56 // jsonp
57 if (typeof callback === 'string' && callback.length !== 0) {
58 res.set('X-Content-Type-Options', 'nosniff')
59 res.set('Content-Type', 'text/javascript')
60
61 // restrict callback charset
62 callback = callback.replace(/[^[\]\w$.]/g, '')
63
64 // replace chars not allowed in JavaScript that are in JSON
65 body = body.replace(/\u2028/g, '\\u2028').replace(/\u2029/g, '\\u2029')
66
67 // the /**/ is a specific security mitigation for "Rosetta Flash JSONP abuse"
68 // the typeof check is just to reduce client error noise
69 body = `/**/ typeof ${callback} === 'function' && ${callback}(${body});`
70 }
71
72 return res.send(body)
73}

Callers 1

jsonp.test.tsFile · 0.90

Calls 4

stringifyFunction · 0.85
sendMethod · 0.80
getMethod · 0.65
setMethod · 0.65

Tested by

no test coverage detected