| |
| /** |
| * Module dependencies. |
| */ |
| |
| var Polling = require('./polling'); |
| var qs = require('querystring'); |
| var rDoubleSlashes = /\\\\n/g; |
| var rSlashes = /(\\)?\\n/g; |
| var util = require('util'); |
| |
| /** |
| * Module exports. |
| */ |
| |
| module.exports = JSONP; |
| |
| /** |
| * JSON-P polling transport. |
| * |
| * @api public |
| */ |
| |
| function JSONP (req) { |
| Polling.call(this, req); |
| |
| this.head = '___eio[' + (req._query.j || '').replace(/[^0-9]/g, '') + ']('; |
| this.foot = ');'; |
| } |
| |
| /** |
| * Inherits from Polling. |
| */ |
| |
| util.inherits(JSONP, Polling); |
| |
| /** |
| * Handles incoming data. |
| * Due to a bug in \n handling by browsers, we expect a escaped string. |
| * |
| * @api private |
| */ |
| |
| JSONP.prototype.onData = function (data) { |
| // we leverage the qs module so that we get built-in DoS protection |
| // and the fast alternative to decodeURIComponent |
| data = qs.parse(data).d; |
| if ('string' === typeof data) { |
| // client will send already escaped newlines as \\\\n and newlines as \\n |
| // \\n must be replaced with \n and \\\\n with \\n |
| data = data.replace(rSlashes, function (match, slashes) { |
| return slashes ? match : '\n'; |
| }); |
| Polling.prototype.onData.call(this, data.replace(rDoubleSlashes, '\\n')); |
| } |
| }; |
| |
| /** |
| * Performs the write. |
| * |
| * @api private |
| */ |
| |
| JSONP.prototype.doWrite = function (data, options, callback) { |
| // we must output valid javascript, not valid json |
| // see: http://timelessrepo.com/json-isnt-a-javascript-subset |
| var js = JSON.stringify(data) |
| .replace(/\u2028/g, '\\u2028') |
| .replace(/\u2029/g, '\\u2029'); |
| |
| // prepare response |
| data = this.head + js + this.foot; |
| |
| Polling.prototype.doWrite.call(this, data, options, callback); |
| }; |