author: Bert JW Regeer <bertjw@regeer.org> 2015-04-14 00:12:56 -0400
committer: Bert JW Regeer <bertjw@regeer.org> 2015-04-14 00:12:56 -0400
commit: b6ffe51f16d2ea65f2313e99b24185f635a1bf64 (patch)
tree: 3139530ef8c9f1338b7ff42e82630bdb0bc0e4b1 /tox.ini
parent: 81fb26d351168e13c9f0270e1ea7eb9bdecda51c (diff)
Add some validation for the JSONP callback
The callback variable could be used to arbitrarily inject JavaScript into the response object. This validates that the callback doesn't begin with a number and consists of standard US ASCII characters, because trying to make sure the JavaScript function name is actually valid would require parsing JavaScript itself...
Diffstat (limited to 'tox.ini'): 0 files changed, 0 insertions, 0 deletions