[
https://issues.apache.org/jira/browse/SOLR-2520?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Benson Margulies updated SOLR-2520:
-----------------------------------
Description:
Please see http://timelessrepo.com/json-isnt-a-javascript-subset.
If a stored field contains Unicode characters that are valid in Json but not
valid in Javascript, and you use the query option to ask for JSONP (json.wrf),
solr does *not* escape them, resulting in content that explodes on contact with
browsers. That is, there are certain Unicode characters that are valid JSON but
invalid in Javascript source, and a JSONP response is javascript source, to be
incorporated in an HTML script tag. Further investigation suggests that only
one character is a problem here: U+2029 must be represented as \u2029 instead
of left 'as-is'.
was:
Please see http://timelessrepo.com/json-isnt-a-javascript-subset.
If a stored field contains Unicode characters that are valid in Json but not
valid in Javascript, and you use the query option to ask for jsonp (json.wrt),
solr does *not* escape them characters, resulting in content that explodes on
contact with browsers. That is, there are certain Unicode characters that are
valid JSON but invalid in Javascript source, and a JSONP response is javascript
source, to be incorporated in an HTML script tag.
> JSONResponseWriter w/json.wrf can produce invalid javascript depending on
> unicode chars in response data
> --------------------------------------------------------------------------------------------------------
>
> Key: SOLR-2520
> URL: https://issues.apache.org/jira/browse/SOLR-2520
> Project: Solr
> Issue Type: Bug
> Affects Versions: 4.0
> Reporter: Benson Margulies
> Attachments: SOLR-2520.patch
>
>
> Please see http://timelessrepo.com/json-isnt-a-javascript-subset.
> If a stored field contains Unicode characters that are valid in Json but not
> valid in Javascript, and you use the query option to ask for JSONP
> (json.wrf), solr does *not* escape them, resulting in content that explodes
> on contact with browsers. That is, there are certain Unicode characters that
> are valid JSON but invalid in Javascript source, and a JSONP response is
> javascript source, to be incorporated in an HTML script tag. Further
> investigation suggests that only one character is a problem here: U+2029
> must be represented as \u2029 instead of left 'as-is'.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
