From 582b44175b627e3578fe71e1d452c429022da636 Mon Sep 17 00:00:00 2001 From: Mario Caropreso Date: Thu, 9 May 2013 13:41:56 +0100 Subject: Added escaping of U+2028 and U+2029 inside the json encoder. U+2028 and U+2029 are allowed inside strings in JSON (as all literal Unicode characters) but JavaScript defines them as newline seperators. Because no literal newlines are allowed in a string, this causes a ParseError in the browser. We work around this issue by replacing them with the escaped version. The resulting JSON is still valid and can be parsed in the browser. This commit has been coauthored with Viktor Kelemen @yikulju --- activesupport/lib/active_support/json/encoding.rb | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'activesupport/lib') diff --git a/activesupport/lib/active_support/json/encoding.rb b/activesupport/lib/active_support/json/encoding.rb index 9bf1ea35b3..db05b09a66 100644 --- a/activesupport/lib/active_support/json/encoding.rb +++ b/activesupport/lib/active_support/json/encoding.rb @@ -104,7 +104,10 @@ module ActiveSupport '\\' => '\\\\', '>' => '\u003E', '<' => '\u003C', - '&' => '\u0026' } + '&' => '\u0026', + "#{0xe2.chr}#{0x80.chr}#{0xa8.chr}" => '\u2028', + "#{0xe2.chr}#{0x80.chr}#{0xa9.chr}" => '\u2029', + } class << self # If true, use ISO 8601 format for dates and times. Otherwise, fall back @@ -121,9 +124,9 @@ module ActiveSupport def escape_html_entities_in_json=(value) self.escape_regex = \ if @escape_html_entities_in_json = value - /[\x00-\x1F"\\><&]/ + /[\x00-\x1F"\\><&]|#{0xe2.chr}#{0x80.chr}#{0xa8.chr}|#{0xe2.chr}#{0x80.chr}#{0xa9.chr}/ else - /[\x00-\x1F"\\]/ + /[\x00-\x1F"\\]|#{0xe2.chr}#{0x80.chr}#{0xa8.chr}|#{0xe2.chr}#{0x80.chr}#{0xa9.chr}/ end end -- cgit v1.2.3