diff options
| author | Aaron Patterson <aaron.patterson@gmail.com> | 2014-07-10 10:20:16 -0700 |
|---|---|---|
| committer | Aaron Patterson <aaron.patterson@gmail.com> | 2014-07-10 10:20:16 -0700 |
| commit | 93fb4c1e62dc9605eecbfaffda2becc85890fa5f (patch) | |
| tree | d614c3eed3fc10a3d77c2a9fd95f684a76e20d77 /actionpack/lib/action_controller/metal | |
| parent | 6b6832eeeb43c5f2553373f84677350ba654346a (diff) | |
| parent | 4003a5bd76ece6d5273e00bf9f468fbdcf9ce1d6 (diff) | |
| download | rails-93fb4c1e62dc9605eecbfaffda2becc85890fa5f.tar.gz rails-93fb4c1e62dc9605eecbfaffda2becc85890fa5f.tar.bz2 rails-93fb4c1e62dc9605eecbfaffda2becc85890fa5f.zip | |
Merge branch 'rosetta_flash' of https://github.com/gcampbell/rails into gcampbell-rosetta_flash
* 'rosetta_flash' of https://github.com/gcampbell/rails:
Address CVE-2014-4671 (JSONP Flash exploit)
Conflicts:
actionpack/CHANGELOG.md
Diffstat (limited to 'actionpack/lib/action_controller/metal')
| -rw-r--r-- | actionpack/lib/action_controller/metal/renderers.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/actionpack/lib/action_controller/metal/renderers.rb b/actionpack/lib/action_controller/metal/renderers.rb index ae55e6d7f5..02c4e563f5 100644 --- a/actionpack/lib/action_controller/metal/renderers.rb +++ b/actionpack/lib/action_controller/metal/renderers.rb @@ -116,7 +116,7 @@ module ActionController self.content_type = Mime::JS end - "#{options[:callback]}(#{json})" + "/**/#{options[:callback]}(#{json})" else self.content_type ||= Mime::JSON json |