diff options
Diffstat (limited to 'activesupport')
-rw-r--r-- | activesupport/CHANGELOG | 2 | ||||
-rw-r--r-- | activesupport/lib/active_support/json/encoders/string.rb | 7 | ||||
-rw-r--r-- | activesupport/test/json/encoding_test.rb | 4 |
3 files changed, 8 insertions, 5 deletions
diff --git a/activesupport/CHANGELOG b/activesupport/CHANGELOG index a082135558..80f6c76401 100644 --- a/activesupport/CHANGELOG +++ b/activesupport/CHANGELOG @@ -1,5 +1,7 @@ *SVN* +* Change JSON to encode %w(< > &) as 4 digit hex codes to be in compliance with the JSON spec. Closes #9975 [josh, chuyeow, tpope] + * Fix JSON encoding/decoding bugs dealing with /'s. Closes #9990 [Rick, theamazingrando] * Introduce a base class for all test cases used by rails applications. ActiveSupport::TestCase [Koz] diff --git a/activesupport/lib/active_support/json/encoders/string.rb b/activesupport/lib/active_support/json/encoders/string.rb index 7ddc544294..ca74436802 100644 --- a/activesupport/lib/active_support/json/encoders/string.rb +++ b/activesupport/lib/active_support/json/encoders/string.rb @@ -9,8 +9,9 @@ module ActiveSupport "\t" => '\t', '"' => '\"', '\\' => '\\\\', - ">" => '\076', - '<' => '\074', + '>' => '\u003E', + '<' => '\u003C', + '&' => '\u0026', '/' => '\\/' } end @@ -19,7 +20,7 @@ end class String def to_json(options = nil) #:nodoc: - '"' + gsub(/[\010\f\n\r\t"\\><\/]/) { |s| + '"' + gsub(/[\010\f\n\r\t"\\><&\/]/) { |s| ActiveSupport::JSON::Encoding::ESCAPED_CHARS[s] }.gsub(/([\xC0-\xDF][\x80-\xBF]| [\xE0-\xEF][\x80-\xBF]{2}| diff --git a/activesupport/test/json/encoding_test.rb b/activesupport/test/json/encoding_test.rb index 8200dfcb62..888bf126dd 100644 --- a/activesupport/test/json/encoding_test.rb +++ b/activesupport/test/json/encoding_test.rb @@ -13,8 +13,8 @@ class TestJSONEncoding < Test::Unit::TestCase NumericTests = [[ 1, %(1) ], [ 2.5, %(2.5) ]] - StringTests = [[ 'this is the <string>', %("this is the \\074string\\076")], - [ 'a "string" with quotes', %("a \\"string\\" with quotes") ], + StringTests = [[ 'this is the <string>', %("this is the \\u003Cstring\\u003E")], + [ 'a "string" with quotes & an ampersand', %("a \\"string\\" with quotes \\u0026 an ampersand") ], [ 'http://test.host/posts/1', %("http:\\/\\/test.host\\/posts\\/1")]] ArrayTests = [[ ['a', 'b', 'c'], %([\"a\", \"b\", \"c\"]) ], |