From 541b3dc7ae563ae27447f1ae4f3481e01a82cae7 Mon Sep 17 00:00:00 2001 From: Tim Schaub Date: Mon, 15 Aug 2011 18:27:55 +0000 Subject: [PATCH] Changing the named callback to avoid having the returned script call a function. This allows the protocol to be used with servers that sanitize callback identifiers for security. Great patch from vmische. r=me (closes 3417). git-svn-id: http://svn.openlayers.org/trunk/openlayers@12250 dc9f47b5-9b13-0410-9fdd-eb0c1a62fdaf --- lib/OpenLayers/Protocol/Script.js | 27 +++++++-------------------- tests/Protocol/Script.html | 2 +- 2 files changed, 8 insertions(+), 21 deletions(-) diff --git a/lib/OpenLayers/Protocol/Script.js b/lib/OpenLayers/Protocol/Script.js index fccb66582a..2e47de71c3 100644 --- a/lib/OpenLayers/Protocol/Script.js +++ b/lib/OpenLayers/Protocol/Script.js @@ -207,7 +207,7 @@ OpenLayers.Protocol.Script = OpenLayers.Class(OpenLayers.Protocol, { */ createRequest: function(url, params, callback) { var id = OpenLayers.Protocol.Script.register(callback); - var name = "OpenLayers.Protocol.Script.getCallback(" + id + ")"; + var name = "OpenLayers.Protocol.Script.registry[" + id + "]"; params = OpenLayers.Util.extend({}, params); params[this.callbackKey] = this.callbackPrefix + name; url = OpenLayers.Util.urlAppend( @@ -328,7 +328,7 @@ OpenLayers.Protocol.Script = OpenLayers.Class(OpenLayers.Protocol, { (function() { var o = OpenLayers.Protocol.Script; var counter = 0; - var registry = {}; + o.registry = []; /** * Function: OpenLayers.Protocol.Script.register @@ -344,7 +344,10 @@ OpenLayers.Protocol.Script = OpenLayers.Class(OpenLayers.Protocol, { */ o.register = function(callback) { var id = ++counter; - registry[id] = callback; + o.registry[id] = function() { + o.unregister(id); + callback.apply(this, arguments); + }; return id; }; @@ -356,22 +359,6 @@ OpenLayers.Protocol.Script = OpenLayers.Class(OpenLayers.Protocol, { * id: {Number} The identifer returned by the register function. */ o.unregister = function(id) { - delete registry[id]; - }; - - /** - * Function: OpenLayers.Protocol.Script.getCallback - * Retreive and unregister a callback. A call to this function is the "P" - * in JSONP. For example, a script may be added with a src attribute - * http://example.com/features.json?callback=OpenLayers.Protocol.Script.getCallback(1) - * - * Parameters: - * id: {Number} The identifer returned by the register function. - */ - o.getCallback = function(id) { - var callback = registry[id]; - o.unregister(id); - return callback; + delete o.registry[id]; }; })(); - diff --git a/tests/Protocol/Script.html b/tests/Protocol/Script.html index 8eaa6e803a..a676e61821 100644 --- a/tests/Protocol/Script.html +++ b/tests/Protocol/Script.html @@ -150,7 +150,7 @@ t.eq(script.type, 'text/javascript', 'created script has a correct type'); - t.eq(script.src, 'http://bar_url/?k=bar_param&cb_key=cb_prefix%3AOpenLayers.Protocol.Script.getCallback(bar)', + t.eq(script.src, 'http://bar_url/?k=bar_param&cb_key=cb_prefix%3AOpenLayers.Protocol.Script.registry%5Bbar%5D', 'created script has a correct url'); t.eq(script.id, 'OpenLayers_Protocol_Script_bar', 'created script has a correct id');