JsonpCallbackValidator allows you to validate a JSONP callback in order to prevent XSS attacks.
$validator = new \JsonpCallbackValidator();
$validator->validate("JSONP.callback");
// returns `true`
$validator->validate("(function xss(x){evil()})");
// returns `false`
Or as a static method:
\JsonpCallbackValidator::validate("JSONP.callback");
// returns `true`
\JsonpCallbackValidator::validate("(function xss(x){evil()})");
// returns `false`
The recommended way to install JsonpCallbackValidator is through Composer:
$ composer require willdurand/jsonp-callback-validator
Setup the test suite using Composer:
$ composer install
Run it using PHPUnit:
$ ./vendor/bin/simple-phpunit
See CONTRIBUTING file.
JsonpCallbackValidator is released under the MIT License. See the bundled LICENSE file for details.