diff options
| author | Rick Olson <technoweenie@gmail.com> | 2007-05-29 09:10:36 +0000 |
|---|---|---|
| committer | Rick Olson <technoweenie@gmail.com> | 2007-05-29 09:10:36 +0000 |
| commit | 0345c975879e352a5726ff9f91258fdb3afe8525 (patch) | |
| tree | cd756b9bbaba74250d8ade5a138fcde70f1ce386 /activesupport/lib/active_support/json | |
| parent | ae242b0d23df2893f398fb2ec97ba502b7bf361b (diff) | |
| download | rails-0345c975879e352a5726ff9f91258fdb3afe8525.tar.gz rails-0345c975879e352a5726ff9f91258fdb3afe8525.tar.bz2 rails-0345c975879e352a5726ff9f91258fdb3afe8525.zip | |
escape <'s and >'s in JSON strings. #8371 [Rick]
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6893 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Diffstat (limited to 'activesupport/lib/active_support/json')
| -rw-r--r-- | activesupport/lib/active_support/json/encoders/string.rb | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/activesupport/lib/active_support/json/encoders/string.rb b/activesupport/lib/active_support/json/encoders/string.rb index 707298d987..f357262fc6 100644 --- a/activesupport/lib/active_support/json/encoders/string.rb +++ b/activesupport/lib/active_support/json/encoders/string.rb @@ -8,7 +8,9 @@ module ActiveSupport "\r" => '\r', "\t" => '\t', '"' => '\"', - '\\' => '\\\\' + '\\' => '\\\\', + ">" => '\076', + '<' => '\074' } end end @@ -16,7 +18,7 @@ end class String def to_json #:nodoc: - '"' + gsub(/[\010\f\n\r\t"\\]/) { |s| + '"' + gsub(/[\010\f\n\r\t"\\><]/) { |s| ActiveSupport::JSON::Encoding::ESCAPED_CHARS[s] }.gsub(/([\xC0-\xDF][\x80-\xBF]| [\xE0-\xEF][\x80-\xBF]{2}| |