From 9b9b2937ce3bef3bca9d22821e76c40cc74fa689 Mon Sep 17 00:00:00 2001 From: Tim Pope Date: Tue, 10 Mar 2009 09:33:58 -0300 Subject: Properly decode \u escape sequences in JSON [#1100 state:resolved] [Tim Pope, Philip Hallstrom] Signed-off-by: Pratik Naik --- activesupport/lib/active_support/json/decoding.rb | 23 ++++++++++++++++++++--- activesupport/test/json/decoding_test.rb | 4 +++- 2 files changed, 23 insertions(+), 4 deletions(-) (limited to 'activesupport') diff --git a/activesupport/lib/active_support/json/decoding.rb b/activesupport/lib/active_support/json/decoding.rb index 5eb8c0fd7d..ed64c3117b 100644 --- a/activesupport/lib/active_support/json/decoding.rb +++ b/activesupport/lib/active_support/json/decoding.rb @@ -43,14 +43,31 @@ module ActiveSupport end if marks.empty? - json.gsub(/\\\//, '/') + json.gsub(/\\([\\\/]|u[[:xdigit:]]{4})/) do + ustr = $1 + if ustr.starts_with?('u') + [ustr[1..-1].to_i(16)].pack("U") + elsif ustr == '\\' + '\\\\' + else + ustr + end + end else left_pos = [-1].push(*marks) right_pos = marks << scanner.pos + scanner.rest_size output = [] left_pos.each_with_index do |left, i| - scanner.pos = left.succ - output << scanner.peek(right_pos[i] - scanner.pos + 1) + output << json[left.succ..right_pos[i]].gsub(/\\([\\\/]|u[[:xdigit:]]{4})/) do + ustr = $1 + if ustr.starts_with?('u') + [ustr[1..-1].to_i(16)].pack("U") + elsif ustr == '\\' + '\\\\' + else + ustr + end + end end output = output * " " diff --git a/activesupport/test/json/decoding_test.rb b/activesupport/test/json/decoding_test.rb index b88a00e584..c5816ea168 100644 --- a/activesupport/test/json/decoding_test.rb +++ b/activesupport/test/json/decoding_test.rb @@ -28,7 +28,9 @@ class TestJSONDecoding < Test::Unit::TestCase %(null) => nil, %(true) => true, %(false) => false, - %q("http:\/\/test.host\/posts\/1") => "http://test.host/posts/1" + %q("http:\/\/test.host\/posts\/1") => "http://test.host/posts/1", + %q("\u003cunicode\u0020escape\u003e") => "", + %q("\\\\u0020skip double backslashes") => "\\u0020skip double backslashes" } TESTS.each do |json, expected| -- cgit v1.2.3