[
http://www.stripesframework.org/jira/browse/STS-903?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12944#comment-12944
]
Jonathan Smith commented on STS-903:
------------------------------------
[~fdaoud] after our discussion today I think this is actually an issue.
Perhaps escaping these chars could be added to the quote method of the
JavaScriptBuilder? I'm sure that these are just a subset of the characters
that might need escaping. The only gotcha I can think of is these characters
are valid JSON data according to the JSON spec so if JavaScriptBuilder is also
used to produce json results this may not be the best way to accomplish this.
{code:title=public static
net.sourceforge.stripes.ajax.JavaScriptBuilder.quote(String string)}
/**
* Quotes the supplied String and escapes all characters that could be
problematic
* when eval()'ing the String in JavaScript.
*
* @param string a String to be escaped and quoted
* @return the escaped and quoted String
* @since Stripes 1.2 (thanks to Sergey Pariev)
*/
public static String quote(String string) {
if (string == null || string.length() == 0) {
return "\"\"";
}
char c = 0;
int len = string.length();
StringBuilder sb = new StringBuilder(len + 10);
sb.append('"');
for (int i = 0; i < len; ++i) {
c = string.charAt(i);
switch (c) {
case '\\':
case '"':
sb.append('\\').append(c);
break;
case '\b':
sb.append("\\b");
break;
case '\t':
sb.append("\\t");
break;
case '\n':
sb.append("\\n");
break;
case '\f':
sb.append("\\f");
break;
case '\r':
sb.append("\\r");
break;
default:
if (c < ' ') {
// The following takes lower order chars and creates
unicode style
// char literals for them (e.g. \u00F3)
sb.append("\\u");
String hex = Integer.toHexString(c);
int pad = 4 - hex.length();
for (int j=0; j<pad; ++j) {
sb.append("0");
}
sb.append(hex);
}
else {
sb.append(c);
}
}
}
sb.append('"');
return sb.toString();
}
{code}
> net.sourceforge.stripes.ajax.JavaScriptBuilder.quote(String string) does not
> properly escape unicode characters u2028 and u2029
> -------------------------------------------------------------------------------------------------------------------------------
>
> Key: STS-903
> URL: http://www.stripesframework.org/jira/browse/STS-903
> Project: Stripes
> Issue Type: Bug
> Affects Versions: Release 1.5.3
> Reporter: Jonathan Smith
>
> Please see http://timelessrepo.com/json-isnt-a-javascript-subset for a
> description of json vs javascript and unicode 2028 & 2029
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
------------------------------------------------------------------------------
Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
Get 100% visibility into your production application - at no cost.
Code-level diagnostics for performance bottlenecks with <2% overhead
Download for free and get started troubleshooting in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap1
_______________________________________________
Stripes-development mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/stripes-development
