diff options
| -rw-r--r-- | pyramid/renderers.py | 4 | ||||
| -rw-r--r-- | pyramid/tests/test_renderers.py | 12 |
2 files changed, 13 insertions, 3 deletions
diff --git a/pyramid/renderers.py b/pyramid/renderers.py index 42296bad1..456b16c82 100644 --- a/pyramid/renderers.py +++ b/pyramid/renderers.py @@ -308,7 +308,7 @@ class JSON(object): json_renderer_factory = JSON() # bw compat -JSONP_VALID_CALLBACK = re.compile(r"^[a-zA-Z_$][0-9a-zA-Z_$]+$") +JSONP_VALID_CALLBACK = re.compile(r"^[$a-z_][$0-9a-z_\.\[\]]+[^.]$", re.I) class JSONP(JSON): """ `JSONP <http://en.wikipedia.org/wiki/JSONP>`_ renderer factory helper @@ -396,7 +396,7 @@ class JSONP(JSON): raise HTTPBadRequest('Invalid JSONP callback function name.') ct = 'application/javascript' - body = '%s(%s);' % (callback, val) + body = '/**/{0}({1});'.format(callback, val) response = request.response if response.content_type == response.default_content_type: response.content_type = ct diff --git a/pyramid/tests/test_renderers.py b/pyramid/tests/test_renderers.py index 61a798ad1..2458ea830 100644 --- a/pyramid/tests/test_renderers.py +++ b/pyramid/tests/test_renderers.py @@ -669,7 +669,17 @@ class TestJSONP(unittest.TestCase): request = testing.DummyRequest() request.GET['callback'] = 'callback' result = renderer({'a':'1'}, {'request':request}) - self.assertEqual(result, 'callback({"a": "1"});') + self.assertEqual(result, '/**/callback({"a": "1"});') + self.assertEqual(request.response.content_type, + 'application/javascript') + + def test_render_to_jsonp_with_dot(self): + renderer_factory = self._makeOne() + renderer = renderer_factory(None) + request = testing.DummyRequest() + request.GET['callback'] = 'angular.callbacks._0' + result = renderer({'a':'1'}, {'request':request}) + self.assertEqual(result, '/**/angular.callbacks._0({"a": "1"});') self.assertEqual(request.response.content_type, 'application/javascript') |