merged branch niklasf/html-safe-json-response (PR #4510)

Commits
-------

5c2fbfa [HttpFoundation] Make JsonResponse HTML safe.

Discussion
----------

[HttpFoundation] Make JsonResponse HTML safe.

After porting Drupal 8 to the HTTP Kernel, we noticed regressions on our JSON responses.

The original issue was http://drupal.org/node/479368. To summarize that:
- Doing the changes in this pull request is backwards compatible, because >>As RFC4627-2.5 clearly states that "Any character *may* be escaped", we can avoid special treatment of characters ', ", <, > and & by an HTML parser through simple substitution with a Unicode escape sequence (\uXXXX).<<
- A number of characters MUST be escaped for the JSON parser. These are: ", \, U+0000 - U+001F

Since PHP 5.3 we can simply get RFC compliant safe JSON by passing a few flags to json_encode().

Current issue: http://drupal.org/node/1619446.
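
As an added illustration (not code from the pull request or from Symfony), the following compares a plain `json_encode()` with the flag combination the PR introduces, on a constructed sample value, and checks that the escaped form still decodes to the original data. The helper names `encodeHtmlSafeJson()` and `containsNoHtmlMetaChars()` are assumptions for this example only.

```php
<?php
// Added example, not part of the PR: shows what the JSON_HEX_* flags do to
// the characters an HTML parser acts on, and that the output still decodes
// to the original data. The sample input below is constructed for this demo.

// Flags used by the PR: escape <, >, ', & and " as \uXXXX sequences.
const HTML_SAFE_FLAGS = JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_AMP | JSON_HEX_QUOT;

/**
 * Encode $data for embedding in an HTML document (for example inside a
 * <script> element). RFC 4627 allows any character to be escaped, so the
 * result is still valid JSON for every conforming parser.
 * (Hypothetical helper for this example.)
 */
function encodeHtmlSafeJson(array $data): string
{
    $json = json_encode($data, HTML_SAFE_FLAGS);
    if ($json === false) {
        // json_encode() fails on invalid UTF-8 and unencodable values.
        throw new RuntimeException('json_encode failed: ' . json_last_error_msg());
    }

    return $json;
}

/**
 * True when the encoded string carries none of the characters that let an
 * HTML parser terminate a surrounding <script> element or entity.
 * The JSON string delimiters (") are part of the format and are not checked.
 * (Hypothetical helper for this example.)
 */
function containsNoHtmlMetaChars(string $json): bool
{
    return strpbrk($json, "<>&'") === false;
}

// Constructed sample: a value that would close a <script> element and
// contains an apostrophe and an ampersand if emitted literally into a page.
$data = ['title' => "Tom's </script> \"quoted\" & more"];

$plain = json_encode($data);
$safe  = encodeHtmlSafeJson($data);

echo "plain: $plain\n";
echo "safe:  $safe\n";

// The plain encoding still carries the raw characters; the safe one does not,
// and both decode back to the same array, so the extra escaping is lossless.
var_dump(containsNoHtmlMetaChars($plain));          // false
var_dump(containsNoHtmlMetaChars($safe));           // true
var_dump(json_decode($safe, true) === $data);       // true
```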

---------------------------------------------------------------------------

by travisbot at 2012-06-07T14:49:12Z

This pull request [passes](http://travis-ci.org/symfony/symfony/builds/1558213) (merged 1200e27d into 1541fe26).

---------------------------------------------------------------------------

by sun at 2012-06-07T15:33:44Z

It would be a good idea to add an inline comment to explain what is being done; e.g.:

`// Encode <, >, ', &, and " for RFC4627-compliant JSON, which may also be embedded into HTML.`

---------------------------------------------------------------------------

by niklasf at 2012-06-07T15:41:24Z

Thanks, @sun. Pushed.

---------------------------------------------------------------------------

by travisbot at 2012-06-07T15:50:25Z

This pull request [passes](http://travis-ci.org/symfony/symfony/builds/1558974) (merged 5c2fbfab into 1541fe26).
This commit is contained in:
Fabien Potencier 2012-06-08 08:54:17 +02:00
commit ed4f8097e2


@ -82,7 +82,8 @@ class JsonResponse extends Response
$data = new \ArrayObject();
}
$this->data = json_encode($data);
// Encode <, >, ', &, and " for RFC4627-compliant JSON, which may also be embedded into HTML.
$this->data = json_encode($data, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_AMP | JSON_HEX_QUOT);
return $this->update();
}
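Review bot: the new `$this->data = json_encode($data, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_AMP | JSON_HEX_QUOT);` line, like the line it replaces, ignores that `json_encode()` returns `false` on failure (for example on invalid UTF-8 input), so `$this->data` can silently become `false` and `update()` then sends a body that is not JSON; consider checking the return value and throwing. The flag set is also hard-coded with no way for a caller to adjust it, so the class docblock should at least document that the body is always emitted with these escapes.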