Release 0.9.19

Properly require EventEmitter
One must use `require('events').EventEmitter` in node.js 0.10.x
2026-01-11 07:58:13 -05:00 · 2017-05-16 07:14:45 +02:00 · 2017-05-16 07:09:38 +02:00 · 2017-05-07 07:54:20 +02:00 · 2017-05-07 07:50:00 +02:00 · 2014-05-22 11:03:55 -07:00
15 changed files with 254 additions and 86 deletions
--- a/History.md
+++ b/History.md
@@ -1,4 +1,41 @@

+0.9.19 / 2017-05-16
+===================
+
+ * Properly require EventEmitter
+
+0.9.18 / 2017-05-07
+===================
+
+ * Remove process.EventEmitter usage for Node 7.x
+
+0.9.17 / 2014-05-22
+===================
+
+ * use static channels for remote syncing instead of subscribing/unsubscribing 5 channels for every connection
+ * Use destroy buffer size on websocket transport method as well
+ * http-polling : adding 'X-XSS-Protection : 0;' to headers necessary not only to jsonp-polling but http-polling
+
+0.9.16 / 2013-06-06
+===================
+
+  * transports: added tests for htmlfile escaping/unescaping
+
+0.9.15 / 2013-06-06
+===================
+
+  * transports: added escaping to htmlfile (fixes #1251)
+
+0.9.14 / 2013-03-29
+===================
+
+  * manager: fix memory leak with SSL [jpallen]
+
+0.9.13 / 2012-12-13
+===================
+
+  * package: fixed `base64id` requirement
+
 0.9.12 / 2012-12-13
 ===================

--- a/examples/irc-output/irc.js
+++ b/examples/irc-output/irc.js
@@ -39,7 +39,7 @@ var Client = irc.Client = function(host, port) {
  this.user = null;
  this.real = null;
 }
-sys.inherits(Client, process.EventEmitter);
+sys.inherits(Client, require('events').EventEmitter);

 Client.prototype.connect = function(nick, user, real) {
  var connection = tcp.createConnection(this.port, this.host);
--- a/lib/manager.js
+++ b/lib/manager.js
@@ -21,7 +21,7 @@ var fs = require('fs')
  , MemoryStore = require('./stores/memory')
  , SocketNamespace = require('./namespace')
  , Static = require('./static')
-  , EventEmitter = process.EventEmitter;
+  , EventEmitter = require('events').EventEmitter;

 /**
 * Export the constructor.
@@ -320,8 +320,46 @@ Manager.prototype.initStore = function () {
  this.store.subscribe('disconnect', function (id) {
    self.onDisconnect(id);
  });
-};

+  // we need to do this in a pub/sub way since the client can POST the message
+  // over a different socket (ie: different Transport instance)
+
+  //use persistent channel for these, don't add and remove 5 channels for every connection
+  //eg. for 10,000 concurrent users this creates 50,000 channels in redis, which kind of slows things down
+  //we only need 5 (extra) total channels at all times
+  this.store.subscribe('message-remote',function (id, packet) {
+    self.onClientMessage(id, packet);
+  });
+
+  this.store.subscribe('disconnect-remote', function (id, reason) {
+    self.onClientDisconnect(id, reason);
+  });
+
+  this.store.subscribe('dispatch-remote', function (id, packet, volatile) {
+    var transport = self.transports[id];
+    if (transport) {
+      transport.onDispatch(packet, volatile);
+    }
+
+    if (!volatile) {
+      self.onClientDispatch(id, packet);
+    }
+  });
+
+  this.store.subscribe('heartbeat-clear', function (id) {
+    var transport = self.transports[id];
+    if (transport) {
+      transport.onHeartbeatClear();
+    }
+  });
+
+  this.store.subscribe('disconnect-force', function (id) {
+    var transport = self.transports[id];
+    if (transport) {
+      transport.onForcedDisconnect();
+    }
+  });
+};
 /**
 * Called when a client handshakes.
 *
@@ -354,19 +392,17 @@ Manager.prototype.onOpen = function (id) {
  if (this.closed[id]) {
    var self = this;

-    this.store.unsubscribe('dispatch:' + id, function () {
-      var transport = self.transports[id];
-      if (self.closed[id] && self.closed[id].length && transport) {
+    var transport = self.transports[id];
+    if (self.closed[id] && self.closed[id].length && transport) {

-        // if we have buffered messages that accumulate between calling
-        // onOpen an this async callback, send them if the transport is 
-        // still open, otherwise leave them buffered
-        if (transport.open) {
-          transport.payload(self.closed[id]);
-          self.closed[id] = [];
-        }
+      // if we have buffered messages that accumulate between calling
+      // onOpen an this async callback, send them if the transport is
+      // still open, otherwise leave them buffered
+      if (transport.open) {
+        transport.payload(self.closed[id]);
+        self.closed[id] = [];
      }
-    });
+    }
  }

  // clear the current transport
@@ -457,12 +493,6 @@ Manager.prototype.onClose = function (id) {
  this.closed[id] = [];

  var self = this;
-
-  this.store.subscribe('dispatch:' + id, function (packet, volatile) {
-    if (!volatile) {
-      self.onClientDispatch(id, packet);
-    }
-  });
 };

 /**
@@ -512,7 +542,7 @@ Manager.prototype.onClientDisconnect = function (id, reason) {
 * @param text
 */

-Manager.prototype.onDisconnect = function (id, local) {
+Manager.prototype.onDisconnect = function (id) {
  delete this.handshaken[id];

  if (this.open[id]) {
@@ -542,13 +572,6 @@ Manager.prototype.onDisconnect = function (id, local) {
  }

  this.store.destroyClient(id, this.get('client store expiration'));
-
-  this.store.unsubscribe('dispatch:' + id);
-
-  if (local) {
-    this.store.unsubscribe('message:' + id);
-    this.store.unsubscribe('disconnect:' + id);
-  }
 };

 /**
@@ -616,6 +639,7 @@ Manager.prototype.handleUpgrade = function (req, socket, head) {

  req.head = head;
  this.handleClient(data, req);
+  req.head = null;
 };

 /**
@@ -645,7 +669,7 @@ Manager.prototype.handleClient = function (data, req) {
    if (this.transports[data.id] && this.transports[data.id].open) {
      this.transports[data.id].onForcedDisconnect();
    } else {
-      this.store.publish('disconnect-force:' + data.id);
+      this.store.publish('disconnect-force', data.id);
    }
    req.res.writeHead(200);
    req.res.end();
@@ -698,14 +722,6 @@ Manager.prototype.handleClient = function (data, req) {
          }
        }
      }
-
-      this.store.subscribe('message:' + data.id, function (packet) {
-        self.onClientMessage(data.id, packet);
-      });
-
-      this.store.subscribe('disconnect:' + data.id, function (reason) {
-        self.onClientDisconnect(data.id, reason);
-      });
    }
  } else {
    if (transport.open) {
@@ -801,11 +817,11 @@ Manager.prototype.handleHandshake = function (data, req, res) {
        res.writeHead(200, headers);
      }

-      res.end(hs);
-
      self.onHandshake(id, newData || handshakeData);
      self.store.publish('handshake', id, newData || handshakeData);

+      res.end(hs);
+
      self.log.info('handshake authorized', id);
    } else {
      writeErr(403, 'handshake unauthorized');
--- a/lib/namespace.js
+++ b/lib/namespace.js
@@ -3,7 +3,7 @@
 */

 var Socket = require('./socket')
-  , EventEmitter = process.EventEmitter
+  , EventEmitter = require('events').EventEmitter
  , parser = require('./parser')
  , util = require('./util');

--- a/lib/socket.io.js
+++ b/lib/socket.io.js
@@ -15,7 +15,7 @@ var client = require('socket.io-client');
 * Version.
 */

-exports.version = '0.9.11';
+exports.version = '0.9.16';

 /**
 * Supported protocol version.
--- a/lib/socket.js
+++ b/lib/socket.js
@@ -11,7 +11,7 @@

 var parser = require('./parser')
  , util = require('./util')
-  , EventEmitter = process.EventEmitter
+  , EventEmitter = require('events').EventEmitter

 /**
 * Export the constructor.
@@ -233,7 +233,7 @@ Socket.prototype.dispatch = function (packet, volatile) {
      this.manager.onClientDispatch(this.id, packet, volatile);
    }

-    this.manager.store.publish('dispatch:' + this.id, packet, volatile);
+    this.manager.store.publish('dispatch-remote', this.id, packet, volatile);
  }
 };

@@ -296,7 +296,7 @@ Socket.prototype.disconnect = function () {
        this.manager.transports[this.id].onForcedDisconnect();
      } else {
        this.manager.onClientDisconnect(this.id);
-        this.manager.store.publish('disconnect:' + this.id);
+        this.manager.store.publish('disconnect-remote', this.id);
      }
    } else {
      this.packet({type: 'disconnect'});
--- a/lib/store.js
+++ b/lib/store.js
@@ -15,7 +15,7 @@ exports = module.exports = Store;
 * Module dependencies.
 */

-var EventEmitter = process.EventEmitter;
+var EventEmitter = require('events').EventEmitter;

 /**
 * Store interface
--- a/lib/transport.js
+++ b/lib/transport.js
@@ -89,20 +89,6 @@ Transport.prototype.onSocketConnect = function () { };
 Transport.prototype.setHandlers = function () {
  var self = this;

-  // we need to do this in a pub/sub way since the client can POST the message
-  // over a different socket (ie: different Transport instance)
-  this.store.subscribe('heartbeat-clear:' + this.id, function () {
-    self.onHeartbeatClear();
-  });
-
-  this.store.subscribe('disconnect-force:' + this.id, function () {
-    self.onForcedDisconnect();
-  });
-
-  this.store.subscribe('dispatch:' + this.id, function (packet, volatile) {
-    self.onDispatch(packet, volatile);
-  });
-
  this.bound = {
      end: this.onSocketEnd.bind(this)
    , close: this.onSocketClose.bind(this)
@@ -126,10 +112,6 @@ Transport.prototype.setHandlers = function () {

 Transport.prototype.clearHandlers = function () {
  if (this.handlersSet) {
-    this.store.unsubscribe('disconnect-force:' + this.id);
-    this.store.unsubscribe('heartbeat-clear:' + this.id);
-    this.store.unsubscribe('dispatch:' + this.id);
-
    this.socket.removeListener('end', this.bound.end);
    this.socket.removeListener('close', this.bound.close);
    this.socket.removeListener('error', this.bound.error);
@@ -350,7 +332,7 @@ Transport.prototype.onMessage = function (packet) {
    if (current && current.open) {
      current.onHeartbeatClear();
    } else {
-      this.store.publish('heartbeat-clear:' + this.id);
+      this.store.publish('heartbeat-clear', this.id);
    }
  } else {
    if ('disconnect' == packet.type && packet.endpoint == '') {
@@ -359,7 +341,7 @@ Transport.prototype.onMessage = function (packet) {
      if (current) {
        current.onForcedDisconnect();
      } else {
-        this.store.publish('disconnect-force:' + this.id);
+        this.store.publish('disconnect-force', this.id);
      }

      return;
@@ -378,7 +360,7 @@ Transport.prototype.onMessage = function (packet) {
        current.onDispatch(ack);
      } else {
        this.manager.onClientDispatch(this.id, ack);
-        this.store.publish('dispatch:' + this.id, ack);
+        this.store.publish('dispatch-remote', this.id, ack);
      }
    }

@@ -386,7 +368,7 @@ Transport.prototype.onMessage = function (packet) {
    if (current) {
      this.manager.onClientMessage(this.id, packet);
    } else {
-      this.store.publish('message:' + this.id, packet);
+      this.store.publish('message-remote', this.id, packet);
    }
  }
 };
@@ -464,10 +446,10 @@ Transport.prototype.end = function (reason) {
    this.disconnected = true;

    if (local) {
-      this.manager.onClientDisconnect(this.id, reason, true);
-    } else {
-      this.store.publish('disconnect:' + this.id, reason);
+      this.manager.onClientDisconnect(this.id, reason);
    }
+
+    this.store.publish('disconnect-remote', this.id, reason);
  }
 };

--- a/lib/transports/htmlfile.js
+++ b/lib/transports/htmlfile.js
@@ -72,7 +72,8 @@ HTMLFile.prototype.handleRequest = function (req) {
 */

 HTMLFile.prototype.write = function (data) {
-  data = '<script>_(' + JSON.stringify(data) + ');</script>';
+  // escape all forward slashes. see GH-1251
+  data = '<script>_(' + JSON.stringify(data).replace(/\//g, '\\/') + ');</script>';

  if (this.response.write(data)) {
    this.drained = true;
--- a/lib/transports/http.js
+++ b/lib/transports/http.js
@@ -79,6 +79,7 @@ HTTPTransport.prototype.handleRequest = function (req) {
      // https://developer.mozilla.org/En/HTTP_Access_Control
      headers['Access-Control-Allow-Origin'] = origin;
      headers['Access-Control-Allow-Credentials'] = 'true';
+      headers['X-XSS-Protection'] = '0';
    }
  } else {
    Transport.prototype.handleRequest.call(this, req);
--- a/lib/transports/websocket/default.js
+++ b/lib/transports/websocket/default.js
@@ -9,7 +9,7 @@
 */

 var Transport = require('../../transport')
-  , EventEmitter = process.EventEmitter
+  , EventEmitter = require('events').EventEmitter
  , crypto = require('crypto')
  , parser = require('../../parser');

@@ -30,7 +30,7 @@ function WebSocket (mng, data, req) {
  // parser
  var self = this;

-  this.parser = new Parser();
+  this.parser = new Parser({maxBuffer: mng.get('destroy buffer size')});
  this.parser.on('data', function (packet) {
    self.log.debug(self.name + ' received data packet', packet);
    self.onMessage(parser.decodePacket(packet));
@@ -41,6 +41,11 @@ function WebSocket (mng, data, req) {
  this.parser.on('error', function () {
    self.end();
  });
+  this.parser.on('kick', function (reason) {
+    self.log.warn(self.name + ' parser forced user kick: ' + reason);
+    self.onMessage({type: 'disconnect', endpoint: ''});
+    self.end();
+  });

  Transport.call(this, mng, data, req);
 };
@@ -293,7 +298,9 @@ WebSocket.prototype.doClose = function () {
 * @api public
 */

-function Parser () {
+function Parser (opts) {
+  this._maxBuffer = (opts && opts.maxBuffer) || 10E7;
+  this._dataLength = 0;
  this.buffer = '';
  this.i = 0;
 };
@@ -311,6 +318,13 @@ Parser.prototype.__proto__ = EventEmitter.prototype;
 */

 Parser.prototype.add = function (data) {
+  this._dataLength += data.length;
+  if(this._dataLength > this._maxBuffer) {
+    this.buffer = ''; //Clear buffer
+    this.emit('kick', 'max buffer size reached');
+    return;
+  }
+
  this.buffer += data;
  this.parse();
 };
--- a/lib/transports/websocket/hybi-07-12.js
+++ b/lib/transports/websocket/hybi-07-12.js
@@ -10,7 +10,7 @@
 */

 var Transport = require('../../transport')
-  , EventEmitter = process.EventEmitter
+  , EventEmitter = require('events').EventEmitter
  , crypto = require('crypto')
  , url = require('url')
  , parser = require('../../parser')
@@ -35,7 +35,7 @@ function WebSocket (mng, data, req) {
  var self = this;

  this.manager = mng;
-  this.parser = new Parser();
+  this.parser = new Parser({maxBuffer: mng.get('destroy buffer size')});
  this.parser.on('data', function (packet) {
    self.onMessage(parser.decodePacket(packet));
  });
@@ -56,6 +56,11 @@ function WebSocket (mng, data, req) {
    self.log.warn(self.name + ' parser error: ' + reason);
    self.end();
  });
+  this.parser.on('kick', function (reason) {
+    self.log.warn(self.name + ' parser forced user kick: ' + reason);
+    self.onMessage({type: 'disconnect', endpoint: ''});
+    self.end();
+  });

  Transport.call(this, mng, data, req);
 };
@@ -266,7 +271,7 @@ WebSocket.prototype.doClose = function () {
 * @api public
 */
 
-function Parser () {
+function Parser (opts) {
  this.state = {
    activeFragmentedOperation: null,
    lastFragment: false,
@@ -278,6 +283,8 @@ function Parser () {
  this.expectBuffer = null;
  this.expectHandler = null;
  this.currentMessage = '';
+  this._maxBuffer = (opts && opts.maxBuffer) || 10E7;
+  this._dataLength = 0;

  var self = this;  
  this.opcodeHandlers = {
@@ -448,6 +455,15 @@ Parser.prototype.__proto__ = EventEmitter.prototype;
 */

 Parser.prototype.add = function(data) {
+  this._dataLength += data.length;
+  if (this._dataLength > this._maxBuffer) {
+    // Clear data
+    this.overflow = null;
+    this.expectBuffer = null;
+    // Kick client
+    this.emit('kick', 'max buffer size reached');
+    return;
+  }
  if (this.expectBuffer == null) {
    this.addToOverflow(data);
    return;
@@ -491,6 +507,10 @@ Parser.prototype.addToOverflow = function(data) {
 */

 Parser.prototype.expect = function(what, length, handler) {
+  if (length > this._maxBuffer) {
+    this.emit('kick', 'expected input larger than max buffer');
+    return;
+  }
  this.expectBuffer = new Buffer(length);
  this.expectOffset = 0;
  this.expectHandler = handler;
--- a/lib/transports/websocket/hybi-16.js
+++ b/lib/transports/websocket/hybi-16.js
@@ -9,7 +9,7 @@
 */

 var Transport = require('../../transport')
-  , EventEmitter = process.EventEmitter
+  , EventEmitter = require('events').EventEmitter
  , crypto = require('crypto')
  , url = require('url')
  , parser = require('../../parser')
@@ -34,7 +34,7 @@ function WebSocket (mng, data, req) {
  var self = this;

  this.manager = mng;
-  this.parser = new Parser();
+  this.parser = new Parser({maxBuffer: mng.get('destroy buffer size')});
  this.parser.on('data', function (packet) {
    self.onMessage(parser.decodePacket(packet));
  });
@@ -55,6 +55,11 @@ function WebSocket (mng, data, req) {
    self.log.warn(self.name + ' parser error: ' + reason);
    self.end();
  });
+  this.parser.on('kick', function (reason) {
+    self.log.warn(self.name + ' parser forced user kick: ' + reason);
+    self.onMessage({type: 'disconnect', endpoint: ''});
+    self.end();
+  });

  Transport.call(this, mng, data, req);
 };
@@ -265,7 +270,7 @@ WebSocket.prototype.doClose = function () {
 * @api public
 */
 
-function Parser () {
+function Parser (opts) {
  this.state = {
    activeFragmentedOperation: null,
    lastFragment: false,
@@ -277,6 +282,8 @@ function Parser () {
  this.expectBuffer = null;
  this.expectHandler = null;
  this.currentMessage = '';
+  this._maxBuffer = (opts && opts.maxBuffer) || 10E7;
+  this._dataLength = 0;

  var self = this;  
  this.opcodeHandlers = {
@@ -447,6 +454,15 @@ Parser.prototype.__proto__ = EventEmitter.prototype;
 */

 Parser.prototype.add = function(data) {
+  this._dataLength += data.length;
+  if (this._dataLength > this._maxBuffer) {
+    // Clear data
+    this.overflow = null;
+    this.expectBuffer = null;
+    // Kick client
+    this.emit('kick', 'max buffer size reached');
+    return;
+  }
  if (this.expectBuffer == null) {
    this.addToOverflow(data);
    return;
@@ -490,6 +506,10 @@ Parser.prototype.addToOverflow = function(data) {
 */

 Parser.prototype.expect = function(what, length, handler) {
+  if (length > this._maxBuffer) {
+    this.emit('kick', 'expected input larger than max buffer');
+    return;
+  }
  this.expectBuffer = new Buffer(length);
  this.expectOffset = 0;
  this.expectHandler = handler;
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
    "name": "socket.io"
-  , "version": "0.9.12"
+  , "version": "0.9.19"
  , "description": "Real-time apps made cross-browser & easy with a WebSocket-like API"
  , "homepage": "http://socket.io"
  , "keywords": ["websocket", "socket", "realtime", "socket.io", "comet", "ajax"]
@@ -16,14 +16,15 @@
      , "url": "https://github.com/LearnBoost/socket.io.git"
    }
  , "dependencies": {
-        "socket.io-client": "0.9.11"
+        "socket.io-client": "0.9.16"
      , "policyfile": "0.0.4"
+      , "base64id": "0.1.0"
    }
  , "devDependencies": {
        "expresso": "0.9.2"
      , "should": "*"
      , "benchmark": "0.2.2"
-      , "microtime": "0.1.3-1"
+      , "microtime": "2.1.3"
      , "colors": "0.5.1"
    }
  , "optionalDependencies": {
--- a/test/transports.htmlfile.test.js
+++ b/test/transports.htmlfile.test.js
@@ -77,10 +77,14 @@ HTMLFile.prototype.data = function (path, opts, fn) {

          case 2:
            if (buf.indexOf(foot) != -1) {
-              var data = buf.slice(0, buf.indexOf(foot))
-                , obj = JSON.parse(data);
+              var data = buf.slice(0, buf.indexOf(foot));

-              fn(obj === '' ? obj : parser.decodePayload(obj), ++messages);
+              if (false === opts.parse) {
+                fn(data, ++messages);
+              } else {
+                var obj = JSON.parse(data);
+                fn(obj === '' ? obj : parser.decodePayload(obj), ++messages);
+              }

              buf = buf.substr(data.length + foot.length);
              state = 1;
@@ -453,6 +457,78 @@ module.exports = {
        }
      });
    });
+  },
+
+  'test escaping for security': function (done) {
+    var port = ++ports
+      , cl = client(port)
+      , io = create(cl)
+      , messaged = false;
+
+    io.configure(function () {
+      io.set('close timeout', 0);
+    });
+
+    io.sockets.on('connection', function (socket) {
+      socket.emit('</script> woot');
+
+      socket.on('disconnect', function () {
+        io.server.close();
+        done();
+      });
+    });
+
+    cl.handshake(function (sid) {
+      cl.data('/socket.io/{protocol}/htmlfile/' + sid, { parse: false }, function (msg, i) {
+        switch (i) {
+          case 2:
+            msg.should.not.include('</script');
+            cl.end();
+        }
+      });
+    });
+  },
+
+  'test that unescaping works': function(done){
+    var port = ++ports
+      , cl = client(port)
+      , io = create(cl)
+      , messaged = false;
+
+    io.configure(function () {
+      io.set('close timeout', 0);
+    });
+
+    io.sockets.on('connection', function (socket) {
+      socket.emit('woot </script> <//script>', '</script><script>');
+
+      socket.on('disconnect', function () {
+        io.server.close();
+        done();
+      });
+    });
+
+    cl.handshake(function (sid) {
+      cl.data('/socket.io/{protocol}/htmlfile/' + sid, function (msgs, i) {
+        switch (i) {
+          case 1:
+            msgs.should.have.length(1);
+            msgs[0].type.should.eql('connect');
+            msgs[0].endpoint.should.eql('');
+            break;
+
+          case 2:
+            msgs.should.have.length(1);
+            msgs[0].should.eql({
+                type: 'event'
+              , name: 'woot </script> <//script>'
+              , endpoint: ''
+              , args: ['</script><script>']
+            });
+            cl.end();
+        }
+      });
+    });
  }

 };
Author	SHA1	Message	Date
Damien Arrachequesne	41b9a7e45d	Release 0.9.19	2017-05-16 07:14:45 +02:00
Damien Arrachequesne	e4d61b1be6	Properly require EventEmitter One must use `require('events').EventEmitter` in node.js 0.10.x	2017-05-16 07:09:38 +02:00
Damien Arrachequesne	ed74dee3b0	Release 0.9.18	2017-05-07 07:54:20 +02:00
John Chadwick	9ad1fd2771	Remove process.EventEmitter usage for Node 7.x process.EventEmitter has been deprecated and removed from Node.	2017-05-07 07:50:00 +02:00
Guillermo Rauch	d25c5484c3	Release 0.9.17	2014-05-22 11:03:55 -07:00
Guillermo Rauch	fea676b90e	Merge pull request #1371 from surespot/channelfix Use static channels for node syncing.	2014-05-22 10:49:53 -07:00
Adam Patacchiola	386d2a9c0c	don't call non existant transport onDisconnect	2013-12-13 10:02:20 -07:00
Adam Patacchiola	8b47789414	use static channels for remote syncing instead of subscribing/unsubscribing 5 channels for every connection	2013-12-13 07:22:43 -07:00
Guillermo Rauch	47b06c0fcf	Merge pull request #1333 from yujiosaka/0.9 http-polling : adding 'X-XSS-Protection : 0;' to headers necessary not o...	2013-12-09 08:17:42 -08:00
Guillermo Rauch	9823325a1f	Merge pull request #1346 from DeadAlready/0.9-security-fix Use destroy buffer size on websocket transport method as well	2013-11-15 04:01:16 -08:00
Karl Düüna	a47d76b990	Use destroy buffer size on websocket transport method as well	2013-11-15 10:31:00 +02:00
yujiosaka	db3ac4b415	http-polling : adding 'X-XSS-Protection : 0;' to headers necessary not only to jsonp-polling but http-polling	2013-10-24 14:53:19 +09:00
Guillermo Rauch	b9a2804b1a	Merge pull request #1323 from tico8/0.9-bug Memory leak : If a lot of connections continue being disconnected, a memory will leak.	2013-10-09 08:32:44 -07:00
tico8	b4182a5d42	Memory leak : If a lot of connections continue being disconnected, a memory will leak.	2013-10-09 01:06:02 +09:00
Guillermo Rauch	5120a706f2	Release 0.9.16	2013-06-06 08:39:48 -07:00
Guillermo Rauch	ee078cb124	transports: added tests for htmlfile escaping/unescaping	2013-06-06 08:38:57 -07:00
Guillermo Rauch	64d8f572aa	Release 0.9.15	2013-06-06 08:22:29 -07:00
Guillermo Rauch	4e1ba9f872	transports: escaping (fixes #1251 )	2013-06-06 08:17:40 -07:00
Guillermo Rauch	5d93af994a	Release 0.9.14	2013-03-29 14:15:52 -07:00
Guillermo Rauch	6e25c802cc	manager: fix memory leak with SSL	2013-03-29 14:14:42 -07:00
Guillermo Rauch	37690f78d7	Release 0.9.13	2012-12-13 15:15:38 -03:00
Guillermo Rauch	3cbd00ca70	package: fixed `base64id` requirement	2012-12-13 15:15:15 -03:00