From 087c9fe96367fb0f51e00f2bf992587c252ce3ea Mon Sep 17 00:00:00 2001 From: Mingwei Samuel Date: Sun, 26 Jun 2016 23:38:32 -0700 Subject: [PATCH 1/2] fix when manually instantiating JsonpMediaTypeFormatter --- src/WebApiContrib.Formatting.Jsonp/JsonpMediaTypeFormatter.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/WebApiContrib.Formatting.Jsonp/JsonpMediaTypeFormatter.cs b/src/WebApiContrib.Formatting.Jsonp/JsonpMediaTypeFormatter.cs index 0c6e43e..5f4b13c 100644 --- a/src/WebApiContrib.Formatting.Jsonp/JsonpMediaTypeFormatter.cs +++ b/src/WebApiContrib.Formatting.Jsonp/JsonpMediaTypeFormatter.cs @@ -161,7 +161,7 @@ public override async Task WriteToStreamAsync(Type type, object value, Stream st { // the /**/ is a specific security mitigation for "Rosetta Flash JSONP abuse" // the typeof check is just to reduce client error noise - writer.Write("/**/ typeof " + _callback + " === 'function' && " + _callback + "("); + writer.Write(string.Format("/**/typeof {0}==='function'&&{0}(", _callback ?? _callbackQueryParameter)); writer.Flush(); await _jsonMediaTypeFormatter.WriteToStreamAsync(type, value, stream, content, transportContext); writer.Write(");"); From eacfbb8ce032e2caeeafe6bbc3b5606a58665272 Mon Sep 17 00:00:00 2001 From: Mingwei Samuel Date: Sun, 26 Jun 2016 23:52:37 -0700 Subject: [PATCH 2/2] remove redundant string.format --- src/WebApiContrib.Formatting.Jsonp/JsonpMediaTypeFormatter.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/WebApiContrib.Formatting.Jsonp/JsonpMediaTypeFormatter.cs b/src/WebApiContrib.Formatting.Jsonp/JsonpMediaTypeFormatter.cs index 5f4b13c..5ed6098 100644 --- a/src/WebApiContrib.Formatting.Jsonp/JsonpMediaTypeFormatter.cs +++ b/src/WebApiContrib.Formatting.Jsonp/JsonpMediaTypeFormatter.cs @@ -161,7 +161,7 @@ public override async Task WriteToStreamAsync(Type type, object value, Stream st { // the /**/ is a specific security mitigation for "Rosetta Flash JSONP abuse" // the typeof check is just to reduce client error noise - writer.Write(string.Format("/**/typeof {0}==='function'&&{0}(", _callback ?? _callbackQueryParameter)); + writer.Write("/**/typeof {0}==='function'&&{0}(", _callback ?? _callbackQueryParameter); writer.Flush(); await _jsonMediaTypeFormatter.WriteToStreamAsync(type, value, stream, content, transportContext); writer.Write(");");