authorDwayne Litzenberger <dlitz@infonium.ca>2009-12-22 15:17:55 -0500
committerJeremy Kemper <jeremy@bitsweat.net>2009-12-23 11:46:06 -0800
commit808cad2bb4f1534a66e20fb5bfedd09e3678e278 (patch)
tree5abffacdd6b9efeb054deecc0b26d5a306c52fbc /activesupport/lib/active_support/json
parent74b2e00ce848fac41409eedced1cd671f473b5ce (diff)
Fix ActiveSupport::JSON encoding of control characters [\x00-\x1f]
According to RFC 4627, only the following Unicode code points are allowed unescaped in JSON: unescaped = %x20-21 / %x23-5B / %x5D-10FFFF However, ActiveSupport::JSON did not escape the range %x00-1f. This caused parse errors when trying to decode the resulting output. [#3345 state:committed] Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
Diffstat (limited to 'activesupport/lib/active_support/json')
-rw-r--r--activesupport/lib/active_support/json/encoding.rb13
1 files changed, 11 insertions, 2 deletions
diff --git a/activesupport/lib/active_support/json/encoding.rb b/activesupport/lib/active_support/json/encoding.rb
index 3c15056c41..c8415d5449 100644
--- a/activesupport/lib/active_support/json/encoding.rb
+++ b/activesupport/lib/active_support/json/encoding.rb
@@ -65,6 +65,15 @@ module ActiveSupport
ESCAPED_CHARS = {
+ "\x00" => '\u0000', "\x01" => '\u0001', "\x02" => '\u0002',
+ "\x03" => '\u0003', "\x04" => '\u0004', "\x05" => '\u0005',
+ "\x06" => '\u0006', "\x07" => '\u0007', "\x0B" => '\u000B',
+ "\x0E" => '\u000E', "\x0F" => '\u000F', "\x10" => '\u0010',
+ "\x11" => '\u0011', "\x12" => '\u0012', "\x13" => '\u0013',
+ "\x14" => '\u0014', "\x15" => '\u0015', "\x16" => '\u0016',
+ "\x17" => '\u0017', "\x18" => '\u0018', "\x19" => '\u0019',
+ "\x1A" => '\u001A', "\x1B" => '\u001B', "\x1C" => '\u001C',
+ "\x1D" => '\u001D', "\x1E" => '\u001E', "\x1F" => '\u001F',
"\010" => '\b',
"\f" => '\f',
"\n" => '\n',
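Review bot: Nothing in the table records that it must cover every character the `escape_regex` classes in the second hunk can match. The 27 added keys plus the five short escapes (`\b`, `\t`, `\n`, `\f`, `\r`, of which only `\b`, `\f` and `\n` are visible here) are kept in step with `[\x00-\x1F]` by hand. The lookup is outside this diff, but if it is a plain `ESCAPED_CHARS[s]` inside a `gsub` block, a key missing from the table would make the character vanish from the output rather than raise. I would add `# Must contain an entry for every character matched by escape_regex.` above the literal, and a test that encodes each of `"\x00"` through `"\x1F"` and decodes it back. The hash literal opens in this hunk and closes outside it.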
@@ -86,9 +95,9 @@ module ActiveSupport
def escape_html_entities_in_json=(value)
self.escape_regex = \
if @escape_html_entities_in_json = value
- /[\010\f\n\r\t"\\><&]/
+ /[\x00-\x1F"\\><&]/
else
- /[\010\f\n\r\t"\\]/
+ /[\x00-\x1F"\\]/
end
end
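Review bot: Both new character classes stop at `\x1F`, which matches the RFC 4627 rule quoted in the commit message but leaves U+2028 and U+2029 unescaped. Those two code points are valid inside JSON strings, yet JavaScript engines predating ES2019 treat them as line terminators. That matters mainly for the `escape_html_entities_in_json` branch, whose output is presumably meant to be safe to place in an HTML page. A comment on the setter would make the limit explicit, for example `# Escapes only what RFC 4627 requires (plus > < & when enabled); U+2028/U+2029 pass through unescaped.`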