antlr / antlr4-lab

A client/server for trying out and learning about ANTLR
MIT License

JsonSerializer: escape error message in tree #54

Closed qligier closed 1 year ago

qligier commented 1 year ago

Error messages are injected unescaped in the tree (result.tree.kids[].error). If there's a forbidden character, the JSON response becomes invalid. It happens, for example, if a quoted string is unmatched by the parser.

For example:

{
  "result": {
    "tree": {
      "kids": [
        {
          "error": ""string""
        }
      ]
    }
  }
}

parrt commented 1 year ago

Ah! I wonder if it is what is causing https://github.com/antlr/antlr4-lab/issues/51 Can you check? Then we can close as part of the same PR.

qligier commented 1 year ago

It seems so, but it's quite hard to debug a 10 MB JSON response. The more complete patch here would be to use JsonWriter or Gson to safely create the JSON representation.
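
Added example, not part of the thread or antlr4-lab's code: the unescaped concatenation described in this PR beside a version that escapes the message per RFC 8259. The class and method names are hypothetical, the sample messages are constructed, and the hand-written escaper stands in for the JsonWriter/Gson approach suggested above.

```java
import java.util.List;

// Added illustration; names are hypothetical, not antlr4-lab's JsonSerializer.
public class ErrorNodeJson {

    // Unsafe: the parser's message is concatenated verbatim into the JSON text.
    static String unsafeErrorNode(String msg) {
        return "{\"error\":\"" + msg + "\"}";
    }

    // RFC 8259 section 7: quotation mark, reverse solidus and all control
    // characters below U+0020 must be escaped inside a JSON string.
    static String escape(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 8);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '"':  sb.append("\\\""); break;
                case '\\': sb.append("\\\\"); break;
                case '\n': sb.append("\\n"); break;
                case '\r': sb.append("\\r"); break;
                case '\t': sb.append("\\t"); break;
                default:
                    if (c < 0x20) {
                        // Remaining control characters use the six-character form.
                        sb.append(String.format("\\u%04x", (int) c));
                    } else {
                        sb.append(c);
                    }
            }
        }
        return sb.toString();
    }

    // Safe: the same node, with the message escaped before it is embedded.
    static String safeErrorNode(String msg) {
        return "{\"error\":\"" + escape(msg) + "\"}";
    }

    public static void main(String[] args) {
        // Constructed messages: a quoted token, an embedded newline, a backslash.
        List<String> samples = List.of("\"string\"", "line1\nline2", "C:\\tmp");
        for (String msg : samples) {
            System.out.println("unsafe: " + unsafeErrorNode(msg));
            System.out.println("safe:   " + safeErrorNode(msg));
        }
    }
}
```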

parrt commented 1 year ago

closing in favor of #57