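        /// <summary>
        /// Writes the response body. When the request carries a callback in the query parameter named by
        /// <c>_callbackQueryParameter</c>, the serialized object is wrapped in a JSONP call to that callback;
        /// otherwise the body is written by the plain JSON formatter.
        /// </summary>
        /// <param name="context">Formatter context holding the HTTP context and the object to serialize.</param>
        /// <param name="selectedEncoding">Encoding negotiated for the response body.</param>
        /// <exception cref="ArgumentNullException"><paramref name="context"/> is <c>null</c>.</exception>
        /// <exception cref="InvalidOperationException">The callback name is rejected by <c>CallbackValidator.IsValid</c>.</exception>
        public override async Task WriteResponseBodyAsync(OutputFormatterWriteContext context, Encoding selectedEncoding)
        {
            if (context == null)
            {
                throw new ArgumentNullException(nameof(context));
            }

            if (!IsJsonpRequest(context.HttpContext.Request, _callbackQueryParameter, out var callback))
            {
                // Not a JSONP request: emit a plain JSON body.
                await _jsonMediaTypeFormatter.WriteResponseBodyAsync(context, selectedEncoding);
                return;
            }

            // The callback name comes straight from the query string and is written into the
            // response verbatim, so it must pass validation before anything is emitted.
            if (!CallbackValidator.IsValid(callback))
            {
                // NOTE(review): the raw callback value is echoed into this message; confirm the
                // message cannot reach a client-facing error page.
                throw new InvalidOperationException($"Callback '{callback}' is invalid!");
            }

            using (var writer = context.WriterFactory(context.HttpContext.Response.Body, selectedEncoding))
            {
                // The leading /**/ is a specific security mitigation for "Rosetta Flash JSONP abuse";
                // the typeof check only reduces client-side error noise when the callback is undefined.
                writer.Write("/**/ typeof " + callback + " === 'function' && " + callback + "(");
                // The prefix is flushed to the body before the formatter writes to the same writer.
                // Flushing asynchronously keeps this async write path free of a synchronous flush
                // on the response stream.
                await writer.FlushAsync();
                _jsonMediaTypeFormatter.WriteObject(writer, context.Object);
                writer.Write(");");
                await writer.FlushAsync();
            }
        }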
 /// <summary>
 /// Checks that <c>CallbackValidator.IsValid</c> classifies <paramref name="callback"/> as
 /// <paramref name="isValid"/>. The test cases are presumably supplied by parameterisation
 /// attributes above this method that lie outside this excerpt.
 /// </summary>
 public void IsValid(string callback, bool isValid)
 {
     var actual = CallbackValidator.IsValid(callback);

     Assert.That(actual, Is.EqualTo(isValid));
 }