
Is this safe for providing JSONP?





    <?php header('content-type: application/json');

    $json = json_encode($data);

    echo isset($_GET['callback'])
        ? "{$_GET['callback']}($json)"
        : $json;







Or should I for example filter the $_GET['callback'] variable so that it only contains a valid JavaScript function name? If so, what are valid JavaScript function names?





Or is not filtering that variable a bit of the point with JSONP?








Current solution: Blogged about my current solution at http://www.geekality.net/?p=1021 . In short, for now, I have the following code, which hopefully should be pretty safe:







    <?php header('content-type: application/json; charset=utf-8');

    function is_valid_callback($subject)
    {
        $identifier_syntax
            = '/^[$_\p{L}][$_\p{L}\p{Mn}\p{Mc}\p{Nd}\p{Pc}\x{200C}\x{200D}]*+$/u';

        $reserved_words = array('break', 'do', 'instanceof', 'typeof', 'case',
            'else', 'new', 'var', 'catch', 'finally', 'return', 'void', 'continue',
            'for', 'switch', 'while', 'debugger', 'function', 'this', 'with',
            'default', 'if', 'throw', 'delete', 'in', 'try', 'class', 'enum',
            'extends', 'super', 'const', 'export', 'import', 'implements', 'let',
            'private', 'public', 'yield', 'interface', 'package', 'protected',
            'static', 'null', 'true', 'false');

        return preg_match($identifier_syntax, $subject)
            && ! in_array(mb_strtolower($subject, 'UTF-8'), $reserved_words);
    }

    $data = array(1, 2, 3, 4, 5, 6, 7, 8, 9);
    $json = json_encode($data);

    # JSON if no callback
    if( ! isset($_GET['callback']))
        exit( $json );

    # JSONP if valid callback
    if(is_valid_callback($_GET['callback']))
        exit( "{$_GET['callback']}($json)" );

    # Otherwise, bad request
    header('Status: 400 Bad Request', true, 400);





Source: Tips4all
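A port of the validator above to Python (an added example, not code from the post or from Tips4all), so it can be run stand-alone; it goes beyond the page's regex by also accepting dotted member paths such as `ns.handler`, checking every segment, and `jsonp_response` is a hypothetical helper that returns the status, content type and body the PHP script would send.

```python
import json
import unicodedata

# Same reserved-word list as the PHP validator; that check is case-insensitive
# (mb_strtolower), so it is here as well.
RESERVED_WORDS = frozenset("""
break do instanceof typeof case else new var catch finally return void
continue for switch while debugger function this with default if throw
delete in try class enum extends super const export import implements
let private public yield interface package protected static null true false
""".split())

# Continuation categories from the PHP regex: \p{Mn}\p{Mc}\p{Nd}\p{Pc}
CONTINUE_CATEGORIES = {"Mn", "Mc", "Nd", "Pc"}


def is_js_identifier(name: str) -> bool:
    # Mirrors [$_\p{L}][$_\p{L}\p{Mn}\p{Mc}\p{Nd}\p{Pc}\x{200C}\x{200D}]*
    if not name:
        return False
    first = name[0]
    if first not in "$_" and not unicodedata.category(first).startswith("L"):
        return False
    for ch in name[1:]:
        cat = unicodedata.category(ch)
        if ch in "$_\u200c\u200d" or cat.startswith("L") or cat in CONTINUE_CATEGORIES:
            continue
        # Every character is checked, so a trailing "\n" is rejected here; a PCRE
        # "$" anchor without the D modifier would let one through.
        return False
    return name.lower() not in RESERVED_WORDS


def is_valid_callback(callback: str) -> bool:
    # Extension beyond the page: allow ns.handler, every segment must be an identifier.
    return all(is_js_identifier(seg) for seg in callback.split("."))


def jsonp_response(data, callback):
    # Returns (status, content_type, body) the way the PHP script branches.
    # json.dumps escapes non-ASCII, including U+2028/U+2029 (line terminators in
    # older JS engines), so the payload is also safe inside a script body.
    body = json.dumps(data)
    if callback is None:
        return 200, "application/json; charset=utf-8", body
    if is_valid_callback(callback):
        # application/javascript, as the first comment recommends for JSONP
        return 200, "application/javascript; charset=utf-8", f"{callback}({body})"
    return 400, "text/plain; charset=utf-8", "Bad Request"
```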

Comments

  1. No, if you intend to limit the JSONP to select domains. Specify the encoding too or people who shouldn't be able to access the JSON can possibly do UTF-7 injection attacks. Use this header instead:

    header('Content-Type: application/json; charset=utf-8');

    If it's supposed to be a public JSONP service, then yes it is safe, and also use application/javascript instead of application/json.

  2. I think it is safe. As long as you do not echo $_GET['callback'] in another page without escaping. The one who does the request can put whatever js he wants in it, I think it will always be his problems, not yours. This page provides the definition of a valid js function name: http://www.functionx.com/javascript/Lesson05.htm
