From 2dd3b224efc3f41806d5a1e9340311d504701fff Mon Sep 17 00:00:00 2001
From: Chris Gamble
Date: Tue, 8 Jul 2014 17:17:56 -0700
Subject: [PATCH] Fix CVE-2014-4671
---
 lib/rack/contrib/jsonp.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/rack/contrib/jsonp.rb b/lib/rack/contrib/jsonp.rb
index 69df9af2..7ba9c382 100644
--- a/lib/rack/contrib/jsonp.rb
+++ b/lib/rack/contrib/jsonp.rb
@@ -99,7 +99,7 @@ def pad(callback, response, body = "")
 # https://github.com/rack/rack-contrib/issues/46
 response.close if response.respond_to?(:close)
- ["#{callback}(#{body})"]
+ ["/**/#{callback}(#{body})"]
 end
 def bad_request(body = "Bad Request")
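Review bot: The `/**/` prefix added to the return value of `pad` carries no comment, so a later cleanup could drop it as stray noise; a line such as `# Leading empty comment keeps the response from starting with the caller-supplied callback (CVE-2014-4671)` directly above it would record why it is there. The diffstat shows only `lib/rack/contrib/jsonp.rb` changed, so no spec pins the new prefix, and an assertion that the padded body starts with `/**/` would guard against a regression. The prefix only fixes the first bytes of the body; whether the callback is restricted to a safe character set and length, and whether the response sets `X-Content-Type-Options: nosniff`, is decided outside this hunk and is worth confirming. `pad` begins before the hunk, so the rest of its body is not visible here.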