search

HughP / simal

Automatically exported from code.google.com/p/simal
0 stars 0 forks source link

JSON incorrectly escaped server-side #339

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
When querying JSON data (eg. through the REST API) the IDoapResource.toJSON is 
used which uses StringEscapeUtils.escapeJavaScript(String) from commons-lang.

However, in JavaScript it is valid to escape single quotes (') which is done by 
the method mentioned above, whereas this is not valid in JSON. As a 
consequence, the JSON that is sent to the client is not valid JSON and client 
libraries can choke on it. 

Looking in the source of commons-lang the StringEscapeUtils.escapeJava(String) 
does exactly what we need, ie. (Escape JS) - (Escape single quotes).

Original issue reported on code.google.com by sander.v...@oucs.ox.ac.uk on 9 Aug 2010 at 4:27

GoogleCodeExporter commented 9 years ago 
I don't think this should be fixed directly. The implementation of JSON is 
currently a quick hack to pilot the feature.

Issue 73 requires us to refactor the JSON code to use a proper JSON library. 
This should make it much eaiser to maintain as new fields are added to the 
model. It will also remove problems like this one.

Original comment by ross.gardler on 9 Aug 2010 at 9:47