Diffstat (limited to 'includes/api/ApiFormatJson.php')
-rw-r--r--includes/api/ApiFormatJson.php14
1 files changed, 13 insertions, 1 deletions
diff --git a/includes/api/ApiFormatJson.php b/includes/api/ApiFormatJson.php
index 342a580f..47d82124 100644
--- a/includes/api/ApiFormatJson.php
+++ b/includes/api/ApiFormatJson.php
@@ -62,10 +62,22 @@ class ApiFormatJson extends ApiFormatBase {
$this->getIsHtml(),
$params['utf8'] ? FormatJson::ALL_OK : FormatJson::XMLMETA_OK
);
+
+ // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty bug in
+ // Flash, but what it does isn't friendly for the API, so we need to
+ // work around it.
+ if ( preg_match( '/\<\s*cross-domain-policy\s*\>/i', $json ) ) {
+ $json = preg_replace(
+ '/\<(\s*cross-domain-policy\s*)\>/i', '\\u003C$1\\u003E', $json
+ );
+ }
+
$callback = $params['callback'];
if ( $callback !== null ) {
$callback = preg_replace( "/[^][.\\'\\\"_A-Za-z0-9]/", '', $callback );
- $this->printText( "$callback($json)" );
+ # Prepend a comment to try to avoid attacks against content
+ # sniffers, such as bug 68187.
+ $this->printText( "/**/$callback($json)" );
} else {
$this->printText( $json );
}
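Review bot: The pattern on the `preg_match`/`preg_replace` lines must match exactly what wfMangleFlashPolicy() rewrites, and nothing in the hunk says so; that function is not visible here, so if its pattern is ever widened, API output containing the tag would be mangled again without this code noticing. I would add `// Must stay in sync with the pattern used by wfMangleFlashPolicy().` above the block. The `preg_match` guard is also redundant, because `preg_replace` leaves `$json` unchanged when nothing matches, so the block can be the single `preg_replace` call. Separately, the comment above the `/**/` line could say that the fixed prefix keeps the first bytes of the response out of the caller's control, which is presumably why it helps against content sniffing. The enclosing method starts and ends outside the hunk.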