Merge pull request #3 from node-modules/fix-dot-regex

dead-horse · dead-horse · commit 606a612209f7 · 2015-12-09T18:40:24.000+08:00
fix: dot regex string
diff --git a/.travis.yml b/.travis.yml
@@ -1,6 +1,11 @@
+sudo: false
 language: node_js
 node_js:
-  - '0.11'
+  - '5'
+  - '4'
+  - '0.12'
   - '0.10'
-script: "make test-travis"
-after_script: "npm install coveralls@2 && cat ./coverage/lcov.info | coveralls"
+script:
+  - 'npm run test-cov'
+after_script:
+  - 'npm i codecov.io && cat ./coverage/coverage.json | ./node_modules/codecov.io/bin/codecov.io.js'
diff --git a/Makefile b/Makefile
diff --git a/README.md b/README.md
@@ -2,23 +2,15 @@ jsonp-body
 =======
 
 [![NPM version][npm-image]][npm-url]
-[![node version][node-image]][node-url]
 [![build status][travis-image]][travis-url]
 [![Test coverage][coveralls-image]][coveralls-url]
-[![Gittip][gittip-image]][gittip-url]
 
 [npm-image]: https://img.shields.io/npm/v/jsonp-body.svg?style=flat-square
 [npm-url]: https://npmjs.org/package/jsonp-body
-[node-image]: https://img.shields.io/badge/node.js-%3E=_0.10-green.svg?style=flat-square
-[node-url]: http://nodejs.org/download/
 [travis-image]: https://img.shields.io/travis/node-modules/jsonp-body.svg?style=flat-square
 [travis-url]: https://travis-ci.org/node-modules/jsonp-body
 [coveralls-image]: https://img.shields.io/coveralls/node-modules/jsonp-body.svg?style=flat-square
 [coveralls-url]: https://coveralls.io/r/node-modules/jsonp-body?branch=master
-[gittip-image]: https://img.shields.io/gittip/fengmk2.svg?style=flat-square
-[gittip-url]: https://www.gittip.com/fengmk2/
-
-![logo](https://raw.github.com/node-modules/jsonp-body/master/logo.png)
 
 Helper to create more safe jsonp response body for [koa](http://koajs.com/) and other web framework.
 
@@ -63,7 +55,7 @@ Get `obj` jsonp string response with `callback`.
 
 (The MIT License)
 
-Copyright (c) 2014 fengmk2 &lt;fengmk2@gmail.com&gt; and other contributors
+Copyright (c) 2014 - 2015 node-modules and other contributors
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the
diff --git a/index.js b/index.js
@@ -1,11 +1,9 @@
-/**!
- * jsonp-body - index.js
- *
- * Copyright(c) fengmk2 and other contributors.
+/**
+ * Copyright(c) node-modules and other contributors.
  * MIT Licensed
  *
  * Authors:
- *   fengmk2 <fengmk2@gmail.com> (http://fengmk2.github.com)
+ *   fengmk2 <fengmk2@gmail.com> (http://fengmk2.com)
  */
 
 'use strict';
@@ -41,7 +39,7 @@ function jsonp(obj, callback, options) {
   }
 
   // Only allow "[","]","a-zA-Z0123456789_", "$" and "." characters.
-  var cb = callback.replace(/[^\[\]\w$.]/g, '');
+  var cb = callback.replace(/[^\[\]\w\$\.]+/g, '');
 
   // the /**/ is a specific security mitigation for "Rosetta Flash JSONP abuse"
   // @see https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4671
diff --git a/logo.png b/logo.png
diff --git a/package.json b/package.json
@@ -4,18 +4,19 @@
   "description": "Helper to create more safe jsonp response body for koa and other web framework.",
   "main": "index.js",
   "scripts": {
-    "test": "make test-all"
+    "test": "mocha test/*.test.js",
+    "test-cov": "istanbul cover _mocha -- test/*.test.js"
   },
   "dependencies": {
 
   },
   "devDependencies": {
     "autod": "*",
     "contributors": "*",
-    "istanbul-harmony": "*",
+    "istanbul": "*",
     "jshint": "*",
     "mocha": "*",
-    "should": "~4.2.1"
+    "should": "7"
   },
   "homepage": "https://github.com/node-modules/jsonp-body",
   "repository": {
@@ -31,11 +32,12 @@
     "jsonp",
     "koa",
     "json",
-    "CVE-2014-4671", "abusing-jsonp-with-rosetta-flash"
+    "CVE-2014-4671",
+    "abusing-jsonp-with-rosetta-flash"
   ],
   "engines": {
     "node": ">= 0.10.0"
   },
-  "author": "fengmk2 <fengmk2@gmail.com> (http://fengmk2.github.com)",
+  "author": "fengmk2 <fengmk2@gmail.com> (http://fengmk2.com)",
   "license": "MIT"
 }
diff --git a/test/index.test.js b/test/index.test.js
@@ -1,11 +1,9 @@
-/**!
- * jsonp-body - test/index.test.js
- *
- * Copyright(c) fengmk2 and other contributors.
+/**
+ * Copyright(c) node-modules and other contributors.
  * MIT Licensed
  *
  * Authors:
- *   fengmk2 <fengmk2@gmail.com> (http://fengmk2.github.com)
+ *   fengmk2 <fengmk2@gmail.com> (http://fengmk2.com)
  */
 
 "use strict";
@@ -19,6 +17,8 @@ var jsonp = require('../');
 
 describe('index.test.js', function () {
   it('should return with padding', function () {
+    jsonp({foo: 'bar'}, 'f.f[1]$')
+      .should.equal('/**/ typeof f.f[1]$ === \'function\' && f.f[1]$({"foo":"bar"});');
     jsonp({foo: 'bar'}, 'fn')
       .should.equal('/**/ typeof fn === \'function\' && fn({"foo":"bar"});');
     jsonp({foo: 'bar'}, ['fn'])
@@ -37,7 +37,7 @@ describe('index.test.js', function () {
   });
 
   it('should replace unsafe characters', function () {
-    jsonp({foo: 'bar'}, '~~~```fn---')
+    jsonp({foo: 'bar'}, '~~~```fn---中文\u1231')
       .should.equal('/**/ typeof fn === \'function\' && fn({"foo":"bar"});');
     jsonp({foo: 'bar'}, ['fn哈哈\\!@#%^&*(){},?/ \tok'])
       .should.equal('/**/ typeof fnok === \'function\' && fnok({"foo":"bar"});');
