No callback on HTTP response.end?

You are reading a single comment by @Mr.Peu and its replies. Click here to read the full conversation.

•

Gordon
I'm not sure to understand what you mean.

Just that if you have the following:
```
var response = "Hello";
http.createServer(function (req, res) { res.end(response); });
```
But you do this:
```
response = function() { console.log('Oh no!'); };
```
Then the behaviour is totally different. It just sounds pretty dangerous - maybe you intended to send the function to the client as a JS file when writing the code, but actually without warning or error it executes it on the server!

•

Mr.Peu in reply to @Gordon

Well you should never just execute any code coming from outside, that's for sure. You always have to make some sanity check on the received data.
But I agree that this syntax is kind of dirty and dangerous!

About

Avatar for Mr.Peu @Mr.Peu started