From 9b9b2937ce3bef3bca9d22821e76c40cc74fa689 Mon Sep 17 00:00:00 2001
From: Tim Pope <code@tpope.net>
Date: Tue, 10 Mar 2009 09:33:58 -0300
Subject: Properly decode \u escape sequences in JSON [#1100 state:resolved]
 [Tim Pope, Philip Hallstrom]

Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
---
 activesupport/lib/active_support/json/decoding.rb | 23 ++++++++++++++++++++---
 1 file changed, 20 insertions(+), 3 deletions(-)

(limited to 'activesupport/lib/active_support')

diff --git a/activesupport/lib/active_support/json/decoding.rb b/activesupport/lib/active_support/json/decoding.rb
index 5eb8c0fd7d..ed64c3117b 100644
--- a/activesupport/lib/active_support/json/decoding.rb
+++ b/activesupport/lib/active_support/json/decoding.rb
@@ -43,14 +43,31 @@ module ActiveSupport
           end
 
           if marks.empty?
-            json.gsub(/\\\//, '/')
+            json.gsub(/\\([\\\/]|u[[:xdigit:]]{4})/) do
+              ustr = $1
+              if ustr.starts_with?('u')
+                [ustr[1..-1].to_i(16)].pack("U")
+              elsif ustr == '\\'
+                '\\\\'
+              else
+                ustr
+              end
+            end
           else
             left_pos  = [-1].push(*marks)
             right_pos = marks << scanner.pos + scanner.rest_size
             output    = []
             left_pos.each_with_index do |left, i|
-              scanner.pos = left.succ
-              output << scanner.peek(right_pos[i] - scanner.pos + 1)
+              output << json[left.succ..right_pos[i]].gsub(/\\([\\\/]|u[[:xdigit:]]{4})/) do
+                ustr = $1
+                if ustr.starts_with?('u')
+                  [ustr[1..-1].to_i(16)].pack("U")
+                elsif ustr == '\\'
+                '\\\\'
+                else
+                  ustr
+                end
+              end
             end
             output = output * " "
             
-- 
cgit v1.2.3