summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDries2011-12-05 12:17:24 (GMT)
committerDries2011-12-05 12:17:24 (GMT)
commit25cc6b432521423eea9baa5fdca85f513f7d9fc2 (patch)
tree487ebb132050fde17f0bd51fffa6cabe18fedd89
parent694b6ac9c86ca697b28ac89739451f48a9fde9a4 (diff)
- Patch #479368 by Roger Saner, xjm, Heine, mcarbone, keichee, asimmonds: Create RFC compliant HTML safe JSON.
-rw-r--r--core/includes/common.inc6
-rw-r--r--core/modules/simpletest/tests/common.test11
-rw-r--r--core/modules/taxonomy/taxonomy.test6
3 files changed, 15 insertions, 8 deletions
diff --git a/core/includes/common.inc b/core/includes/common.inc
index c6a29b7..9bcbfc4 100644
--- a/core/includes/common.inc
+++ b/core/includes/common.inc
@@ -4898,14 +4898,14 @@ function drupal_clear_js_cache() {
/**
* Converts a PHP variable into its JavaScript equivalent.
*
- * We use HTML-safe strings, i.e. with <, > and & escaped.
+ * We use HTML-safe strings, with several characters escaped.
*
* @see drupal_json_decode()
* @ingroup php_wrappers
*/
function drupal_json_encode($var) {
- // json_encode() does not escape <, > and &, so we do it with str_replace().
- return str_replace(array('<', '>', '&'), array('\u003c', '\u003e', '\u0026'), json_encode($var));
+ // Encode <, >, ', &, and " using the json_encode() options parameter.
+ return json_encode($var, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_AMP | JSON_HEX_QUOT);
}
/**
diff --git a/core/modules/simpletest/tests/common.test b/core/modules/simpletest/tests/common.test
index 6cc159b..dd5b126 100644
--- a/core/modules/simpletest/tests/common.test
+++ b/core/modules/simpletest/tests/common.test
@@ -2429,8 +2429,10 @@ class DrupalJSONTest extends DrupalUnitTestCase {
$str .= chr($i);
}
// Characters that must be escaped.
- $html_unsafe = array('<', '>', '&');
- $html_unsafe_escaped = array('\u003c', '\u003e', '\u0026');
+ // We check for unescaped " separately.
+ $html_unsafe = array('<', '>', '\'', '&');
+ // The following are the encoded forms of: < > ' & "
+ $html_unsafe_escaped = array('\u003C', '\u003E', '\u0027', '\u0026', '\u0022');
// Verify there aren't character encoding problems with the source string.
$this->assertIdentical(strlen($str), 128, t('A string with the full ASCII table has the correct length.'));
@@ -2442,6 +2444,11 @@ class DrupalJSONTest extends DrupalUnitTestCase {
$json = drupal_json_encode($str);
$this->assertTrue(strlen($json) > strlen($str), t('A JSON encoded string is larger than the source string.'));
+ // The first and last characters should be ", and no others.
+ $this->assertTrue($json[0] == '"', t('A JSON encoded string begins with ".'));
+ $this->assertTrue($json[strlen($json) - 1] == '"', t('A JSON encoded string ends with ".'));
+ $this->assertTrue(substr_count($json, '"') == 2, t('A JSON encoded string contains exactly two ".'));
+
// Verify that encoding/decoding is reversible.
$json_decoded = drupal_json_decode($json);
$this->assertIdentical($str, $json_decoded, t('Encoding a string to JSON and decoding back results in the original string.'));
diff --git a/core/modules/taxonomy/taxonomy.test b/core/modules/taxonomy/taxonomy.test
index dcb8a17..6d6320a 100644
--- a/core/modules/taxonomy/taxonomy.test
+++ b/core/modules/taxonomy/taxonomy.test
@@ -627,11 +627,11 @@ class TaxonomyTermTestCase extends TaxonomyWebTestCase {
}
$this->assertNoText($term1->name, t('The deleted term %name does not appear on the node page.', array('%name' => $term1->name)));
- // Test autocomplete on term 2 - it contains a comma, so expect the key to
- // be quoted.
+ // Test autocomplete on term 2, which contains a comma.
+ // The term will be quoted, and the " will be encoded in unicode (\u0022).
$input = substr($term2->name, 0, 3);
$this->drupalGet('taxonomy/autocomplete/taxonomy_' . $this->vocabulary->machine_name . '/' . $input);
- $this->assertRaw('{"\"' . $term2->name . '\"":"' . $term2->name . '"}', t('Autocomplete returns term %term_name after typing the first 3 letters.', array('%term_name' => $term2->name)));
+ $this->assertRaw('{"\u0022' . $term2->name . '\u0022":"' . $term2->name . '"}', t('Autocomplete returns term %term_name after typing the first 3 letters.', array('%term_name' => $term2->name)));
// Test autocomplete on term 3 - it is alphanumeric only, so no extra
// quoting.