From f56936c93606611f0701950225a88008f1d1ad74 Mon Sep 17 00:00:00 2001
From: Robert Helmer
Date: Tue, 30 Jan 2018 12:52:19 -0800
Subject: better sanitize jsonp

---
 src/node/hooks/express/apicalls.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/node/hooks/express/apicalls.js')

diff --git a/src/node/hooks/express/apicalls.js b/src/node/hooks/express/apicalls.js
index db0fc81f..7f2f8ecf 100644
--- a/src/node/hooks/express/apicalls.js
+++ b/src/node/hooks/express/apicalls.js
@@ -18,7 +18,7 @@ var apiCaller = function(req, res, fields) {
   apiLogger.info("RESPONSE, " + req.params.func + ", " + response);
   //is this a jsonp call, if yes, add the function call
-  if(req.query.jsonp)
+  if(req.query.jsonp && isVarName(response))
     response = req.query.jsonp + "(" + response + ")";
   res._____send(response);
-- 
cgit v1.2.3
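Review bot: The new guard validates the wrong value: `isVarName(response)` checks the JSON body, while the request-controlled string that is concatenated in front of the parenthesis on the next line is `req.query.jsonp`, so the callback name remains unsanitized. The condition should read `if(req.query.jsonp && isVarName(req.query.jsonp))`, which is what the subject line "better sanitize jsonp" describes. As written, `response` presumably holds serialized JSON and would seldom pass an identifier check, which would leave the jsonp branch effectively dead rather than safe. The hunk does not show where `isVarName` is defined or required; confirm it is in scope in this file. The enclosing `apiCaller` function starts and ends outside the hunk.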