diff options
| author | zackham <zackham@gmail.com> | 2013-04-02 13:18:24 -0700 |
|---|---|---|
| committer | zackham <zackham@gmail.com> | 2013-04-02 13:18:24 -0700 |
| commit | 9b8ee8e006db581eb34dc0fa1d230653b7a1c956 (patch) | |
| tree | e7d3286213b573da9056fd0d8bef43fc3464a5a2 /actionpack/lib/action_dispatch/middleware | |
| parent | 4ae089b661a78180bb978a34d294e8a9e076f652 (diff) | |
| download | rails-9b8ee8e006db581eb34dc0fa1d230653b7a1c956.tar.gz rails-9b8ee8e006db581eb34dc0fa1d230653b7a1c956.tar.bz2 rails-9b8ee8e006db581eb34dc0fa1d230653b7a1c956.zip | |
Escape multibyte line terminators in JSON encoding
Currently, json/encoding respects the JSON spec (as it should) which
disallows \n and \r inside strings, escaping them as expected.
Unfortunately, ECMA-262 (Javascript) disallows not only \n and \r in
strings, but "Line Terminators" which includes U+2028 and U+2029.
See here: http://bclary.com/2004/11/07/#a-7.3
This pull request adds U+2028 and U+2029 to be escaped.
# Why?
It's very common to see something like this in a Rails template:
<script type="text/javascript">
var posts = <%= @posts.to_json %>;
</script>
If U+2028 or U+2029 are part of any attributes output in the to_json
call, you will end up with an exception.
In Chrome: Uncaught SyntaxError: Unexpected token ILLEGAL
# Why not?
This is JSON encoding, and the JSON spec is specific about how to
encode strings. U+2028 and U+2029 don't get special treatment.
Just trying to start a discussion... what do you do in your apps
to deal with this? Is there a convention I'm missing?
Diffstat (limited to 'actionpack/lib/action_dispatch/middleware')
0 files changed, 0 insertions, 0 deletions