Merge pull request #93 from justintv/master

Fix CVE-2014-4671

Author: manveru

lib/rack/contrib/jsonp.rb

@@ -99,7 +99,7 @@ def pad(callback, response, body = "")
       # https://github.com/rack/rack-contrib/issues/46
       response.close if response.respond_to?(:close)
 
-      ["#{callback}(#{body})"]
+      ["/**/#{callback}(#{body})"]
     end
 
     def bad_request(body = "Bad Request")