src/aphront/response/AphrontResponse.php
| <?php | <?php | ||||
| /** | |||||
| * @group aphront | |||||
| */ | |||||
| abstract class AphrontResponse { | abstract class AphrontResponse { | ||||
| private $request; | private $request; | ||||
| private $cacheable = false; | private $cacheable = false; | ||||
| private $responseCode = 200; | private $responseCode = 200; | ||||
| private $lastModified = null; | private $lastModified = null; | ||||
| protected $frameable; | protected $frameable; | ||||
| ▲ Show 20 Lines • Show All 75 Lines • ▼ Show 20 Lines | $response = str_replace( | ||||
| array('<', '>'), | array('<', '>'), | ||||
| array('\u003c', '\u003e'), | array('\u003c', '\u003e'), | ||||
| $response); | $response); | ||||
| return $response; | return $response; | ||||
| } | } | ||||
| protected function addJSONShield($json_response) { | protected function addJSONShield($json_response) { | ||||
| // Add a shield to prevent "JSON Hijacking" attacks where an attacker | // Add a shield to prevent "JSON Hijacking" attacks where an attacker | ||||
| // requests a JSON response using a normal <script /> tag and then uses | // requests a JSON response using a normal <script /> tag and then uses | ||||
| // Object.prototype.__defineSetter__() or similar to read response data. | // Object.prototype.__defineSetter__() or similar to read response data. | ||||
| // This header causes the browser to loop infinitely instead of handing over | // This header causes the browser to loop infinitely instead of handing over | ||||
| // sensitive data. | // sensitive data. | ||||
| $shield = 'for (;;);'; | $shield = 'for (;;);'; | ||||