From def8bbefd0ab1fac5eba4e3d48790dcb4a2185e1 Mon Sep 17 00:00:00 2001
From: maxogden
Date: Fri, 29 Apr 2011 16:27:45 -0700
Subject: [PATCH] properly escape csv headers
---
 lists/csv.js | 4 ++--
 lists/urlencode.js | 4 +++-
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/lists/csv.js b/lists/csv.js
index bee5b438..a6816f8d 100644
--- a/lists/csv.js
+++ b/lists/csv.js
@@ -9,11 +9,11 @@
 */
 function(head, req) {
 if ('headers' in req.query) {
- var headers = eval(unescape(req.query.headers.split(',')));
+ var headers = JSON.parse(unescape(req.query.headers))[0];
 var row, sep = '\n', headerSent = false, startedOutput = false;
 start({"headers":{"Content-Type" : "text/x-csv"}});
- send(headers.join(',') + "\n");
+ send('"' + headers.join('","') + '"\n');
 while (row = getRow()) {
 for (var header in headers) {
 if (row.value[headers[header]]) {
diff --git a/lists/urlencode.js b/lists/urlencode.js
index b90e6cd4..908a4a15 100644
--- a/lists/urlencode.js
+++ b/lists/urlencode.js
@@ -12,9 +12,11 @@ function(head, req) {
 if ('callback' in req.query) send(req.query['callback'] + "(");
+ var rows = []
 while (row = getRow()) {
- send(escape(JSON.stringify(row.value)));
+ rows.push(row.value)
 }
+ send(escape(JSON.stringify(rows)));
 if ('callback' in req.query) send(")");
 };
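Review bot: The new `send('"' + headers.join('","') + '"\n');` in lists/csv.js wraps each header in quotes but does not double a `"` that occurs inside a header name, so a header taken from `req.query.headers` that contains a quote still ends its field early and corrupts the row. Doubling embedded quotes before the join fixes that: `send('"' + headers.map(function (h) { return String(h).replace(/"/g, '""'); }).join('","') + '"\n');`. The parsed value is also used unchecked: `JSON.parse` throws on malformed input and `[0]` may not be an array, so a guard such as `if (!Array.isArray(headers)) { ... }` before `start(...)` would be worth adding. The function body continues past the end of this hunk.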
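Review bot: The new `send(escape(JSON.stringify(rows)));` in lists/urlencode.js emits the percent-encoded text bare between `callback(` and `)`, which is not a valid JavaScript argument, so the JSONP form of this response looks unusable unless the payload is quoted, e.g. `send('"' + escape(JSON.stringify(rows)) + '"');`. `escape` also encodes non-Latin-1 characters as `%uXXXX`, which `decodeURIComponent` rejects; `encodeURIComponent` is the safer choice if consumers can be changed. The callback name on the context line is written from `req.query` without validation, so restricting it to an identifier pattern such as `/^[A-Za-z_$][\w$.]*$/` before sending is worth doing in the same change. The two added statements `var rows = []` and `rows.push(row.value)` lack the semicolons used elsewhere in the file.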