Release 0.9.15

transports: escaping (fixes #1251 )
Release 0.9.14
2026-01-11 07:58:13 -05:00 · 2013-06-06 08:22:29 -07:00 · 2013-06-06 08:17:40 -07:00 · 2013-03-29 14:15:52 -07:00 · 2013-03-29 14:14:42 -07:00 · 2012-12-13 15:15:38 -03:00
8 changed files with 95 additions and 9 deletions
--- a/History.md
+++ b/History.md
@@ -1,4 +1,40 @@

+0.9.15 / 2013-06-06
+===================
+
+  * transports: added escaping to htmlfile (fixes #1251)
+
+0.9.14 / 2013-03-29
+===================
+
+  * manager: fix memory leak with SSL [jpallen]
+
+0.9.13 / 2012-12-13
+===================
+
+  * package: fixed `base64id` requirement
+
+0.9.12 / 2012-12-13
+===================
+
+  * manager: fix for latest node which is returning a clone with `listeners` [viirya]
+
+0.9.11 / 2012-11-02
+===================
+
+  * package: move redis to optionalDependenices [3rd-Eden]
+  * bumped client
+
+0.9.10 / 2012-08-10
+===================
+
+  * Don't lowercase log messages
+  * Always set the HTTP response in case an error should be returned to the client
+  * Create or destroy the flash policy server on configuration change
+  * Honour configuration to disable flash policy server
+  * Add express 3.0 instructions on Readme.md
+  * Bump client
+
 0.9.9 / 2012-08-01
 ==================

--- a/Readme.md
+++ b/Readme.md
@@ -21,6 +21,25 @@ var io = require('socket.io');
 Next, attach it to a HTTP/HTTPS server. If you're using the fantastic `express`
 web framework:

+#### Express 3.x
+
+```js
+var app = express()
+  , server = require('http').createServer(app)
+  , io = io.listen(server);
+
+server.listen(80);
+
+io.sockets.on('connection', function (socket) {
+  socket.emit('news', { hello: 'world' });
+  socket.on('my other event', function (data) {
+    console.log(data);
+  });
+});
+```
+
+#### Express 2.x
+
 ```js
 var app = express.createServer()
  , io = io.listen(app);
--- a/lib/manager.js
+++ b/lib/manager.js
@@ -113,6 +113,7 @@ function Manager (server, options) {

  // reset listeners
  this.oldListeners = server.listeners('request').splice(0);
+  server.removeAllListeners('request');

  server.on('request', function (req, res) {
    self.handleRequest(req, res);
@@ -615,6 +616,7 @@ Manager.prototype.handleUpgrade = function (req, socket, head) {

  req.head = head;
  this.handleClient(data, req);
+  req.head = null;
 };

 /**
--- a/lib/socket.io.js
+++ b/lib/socket.io.js
@@ -15,7 +15,7 @@ var client = require('socket.io-client');
 * Version.
 */

-exports.version = '0.9.9';
+exports.version = '0.9.15';

 /**
 * Supported protocol version.
--- a/lib/transports/flashsocket.js
+++ b/lib/transports/flashsocket.js
@@ -1,4 +1,3 @@
-
 /*!
 * socket.io-node
 * Copyright(c) 2011 LearnBoost <dev@learnboost.com>
@@ -53,9 +52,16 @@ FlashSocket.prototype.name = 'flashsocket';
 FlashSocket.init = function (manager) {
  var server;
  function create () {
+
+    // Drop out immediately if the user has
+    // disabled the flash policy server
+    if (!manager.get('flash policy server')) {
+      return;
+    }
+
    server = require('policyfile').createServer({ 
      log: function(msg){
-        manager.log.info(msg.toLowerCase());
+        manager.log.info(msg);
      }
    }, manager.get('origins'));

@@ -93,6 +99,23 @@ FlashSocket.init = function (manager) {
    }
  });

+  // create or destroy the server
+  manager.on('set:flash policy server', function (value, key) {
+    var transports = manager.get('transports');
+    if (~transports.indexOf('flashsocket')) {
+      if (server && !value) {
+        // destroy the server
+        try {
+          server.close();
+        }
+        catch (e) { /* ignore exception. could e.g. be that the server isn't started yet */ }
+      }
+    } else if (!server && value) {
+      // create the server
+      create();
+    }
+  });
+
  // only start the server
  manager.on('set:transports', function (value, key){
    if (!server && ~manager.get('transports').indexOf('flashsocket')) {
--- a/lib/transports/htmlfile.js
+++ b/lib/transports/htmlfile.js
@@ -72,7 +72,8 @@ HTMLFile.prototype.handleRequest = function (req) {
 */

 HTMLFile.prototype.write = function (data) {
-  data = '<script>_(' + JSON.stringify(data) + ');</script>';
+  // escape all forward slashes. see GH-1251
+  data = '<script>_(' + JSON.stringify(data).replace(/\//g, '//') + ');</script>';

  if (this.response.write(data)) {
    this.drained = true;
--- a/lib/transports/http.js
+++ b/lib/transports/http.js
@@ -42,6 +42,10 @@ HTTPTransport.prototype.__proto__ = Transport.prototype;
 */

 HTTPTransport.prototype.handleRequest = function (req) {
+
+  // Always set the response in case an error is returned to the client
+  this.response = req.res;
+
  if (req.method == 'POST') {
    var buffer = ''
      , res = req.res
@@ -77,8 +81,6 @@ HTTPTransport.prototype.handleRequest = function (req) {
      headers['Access-Control-Allow-Credentials'] = 'true';
    }
  } else {
-    this.response = req.res;
-
    Transport.prototype.handleRequest.call(this, req);
  }
 };
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
    "name": "socket.io"
-  , "version": "0.9.9"
+  , "version": "0.9.15"
  , "description": "Real-time apps made cross-browser & easy with a WebSocket-like API"
  , "homepage": "http://socket.io"
  , "keywords": ["websocket", "socket", "realtime", "socket.io", "comet", "ajax"]
@@ -16,9 +16,9 @@
      , "url": "https://github.com/LearnBoost/socket.io.git"
    }
  , "dependencies": {
-        "socket.io-client": "0.9.9"
+        "socket.io-client": "0.9.15"
      , "policyfile": "0.0.4"
-      , "redis": "0.7.2"
+      , "base64id": "0.1.0"
    }
  , "devDependencies": {
        "expresso": "0.9.2"
@@ -27,6 +27,9 @@
      , "microtime": "0.1.3-1"
      , "colors": "0.5.1"
    }
+  , "optionalDependencies": {
+      "redis": "0.7.3"
+    }
  , "main": "index"
  , "engines": { "node": ">= 0.4.0" }
  , "scripts": {
Author	SHA1	Message	Date
Guillermo Rauch	64d8f572aa	Release 0.9.15	2013-06-06 08:22:29 -07:00
Guillermo Rauch	4e1ba9f872	transports: escaping (fixes #1251 )	2013-06-06 08:17:40 -07:00
Guillermo Rauch	5d93af994a	Release 0.9.14	2013-03-29 14:15:52 -07:00
Guillermo Rauch	6e25c802cc	manager: fix memory leak with SSL	2013-03-29 14:14:42 -07:00
Guillermo Rauch	37690f78d7	Release 0.9.13	2012-12-13 15:15:38 -03:00
Guillermo Rauch	3cbd00ca70	package: fixed `base64id` requirement	2012-12-13 15:15:15 -03:00
Guillermo Rauch	b2a8ed1421	Release 0.9.12	2012-12-13 08:19:16 -03:00
Guillermo Rauch	0d3313f536	manager: fix for latest node which is returning a clone with `listeners` [viirya]	2012-12-13 08:18:42 -03:00
Guillermo Rauch	3b7224c7e0	Release 0.9.11	2012-11-02 08:03:15 -07:00
Guillermo Rauch	2030cf1432	package: move redis to optionalDependenices [3rd-Eden]	2012-11-02 08:01:24 -07:00
Guillermo Rauch	de9e8dffe1	Release 0.9.10	2012-08-10 13:34:50 -07:00
Guillermo Rauch	3a3044ebba	Merge pull request #972 from Coreh/express-3.x-readme Add express 3.0 instructions on Readme.md	2012-08-10 10:17:55 -07:00
Guillermo Rauch	d10b4dd1bd	Merge pull request #985 from GICodeWarrior/log-case-fix Don't lowercase log messages	2012-08-08 18:03:57 -07:00
Rusty Burchfield	12beee2d63	Don't lowercase log messages Lowercasing log messages is unnecessary. It makes some messages difficult to read, and others difficult to search for.	2012-08-08 11:32:57 -07:00
Guillermo Rauch	875f14d16b	Revert "Fix infinite recursion in Websocket parsers." This reverts commit `c218468f67`.	2012-08-07 13:18:41 -07:00
Guillermo Rauch	8ca8990a0c	Merge pull request #983 from GICodeWarrior/parser-recursion Fix infinite recursion in Websocket parsers.	2012-08-06 13:16:37 -07:00
Rusty Burchfield	c218468f67	Fix infinite recursion in Websocket parsers. If a client is feeding messages faster than server can handle them, infinite recursion occurs. Basically, the "overflow" data gets added to the parser and it immediately parses a new message. The fix pushes the processing of the next message (in this edge case) onto the event queue. This prevents the stack from recursing indefinitely. This also prevents a fast client from starving other clients.	2012-08-06 13:03:51 -07:00
Guillermo Rauch	4164e3bd7e	Merge pull request #981 from doozr/honour-flash-settings Honour flash settings	2012-08-06 08:59:17 -07:00
Guillermo Rauch	46227e7ac9	Merge pull request #980 from doozr/jsonp-error-crash Always set the HTTP response in case an error should be returned to the client	2012-08-06 08:58:57 -07:00
Craig Andrews	d723d363b2	Always set the HTTP response in case an error should be returned to the client	2012-08-06 14:16:06 +01:00
Craig Andrews	fa1c1b2ada	Create or destroy the flash policy server on configuration change	2012-08-06 14:14:15 +01:00
Craig Andrews	d32a848c3f	Honour configuration to disable flash policy server	2012-08-06 14:14:14 +01:00
Marco Aurélio	bddf652c25	Add express 3.0 instructions on Readme.md	2012-07-30 15:53:47 -03:00