brianmario / yajl-ruby

A streaming JSON parsing and encoding library for Ruby (C bindings to yajl)
http://rdoc.info/projects/brianmario/yajl-ruby
MIT License
1.48k stars 169 forks

Added option to do entity encoding #187

Closed: eileencodes closed 6 years ago

eileencodes commented 6 years ago

This adds a feature to support entity encoding to escape characters that can be used in XSS attacks. This is to match the behavior in ActiveSupport::JSON. The purpose of matching AS::JSON behavior is so we can replace it with Yajl so we can use the faster version.

Worked on this with @tenderlove to add the same support we have in ActiveSupport::JSON

cc/ @rafaelfranca @jeremy cc/ @brianmario

rafaelfranca commented 6 years ago

Should we also take care of the /? https://github.com/flori/json/pull/235/files

tenderlove commented 6 years ago

> Should we also take care of the /?

Ah, yes we should

eileencodes commented 6 years ago

I added support for encoding slashes and force pushed 👍

brianmario commented 6 years ago

Thanks @eileencodes and @tenderlove!
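
The escaping discussed in this thread, sketched in plain Ruby as an added example; it is not code from this pull request or from yajl-ruby. The helper name `entity_encode_json`, the sample data, and the exact character set (`<`, `>`, `&` written as `\uXXXX` escapes, `/` written as `\/`) are assumptions modelled on ActiveSupport::JSON's HTML-entity escaping.

```ruby
require "json"

# Assumed character set: HTML-significant characters plus the forward slash
# raised in the thread. Each maps to an escape that JSON parsers decode back
# to the original character, so the data is unchanged after parsing.
ENTITY_ESCAPES = {
  "<" => "\\u003c",
  ">" => "\\u003e",
  "&" => "\\u0026",
  "/" => "\\/",
}.freeze

ENTITY_PATTERN = Regexp.union(ENTITY_ESCAPES.keys).freeze

# Hypothetical helper (not yajl-ruby's API): serialize with the stdlib
# generator, then rewrite the risky characters. In valid JSON these characters
# occur only inside string values, and the stdlib generator (default options)
# never emits "\/" itself, so a single pass over the output is sufficient.
def entity_encode_json(obj)
  JSON.generate(obj).gsub(ENTITY_PATTERN) { |ch| ENTITY_ESCAPES.fetch(ch) }
end

# Constructed sample: a user-controlled value that would close an inline
# <script> block if the JSON were written into an HTML page unescaped.
SAMPLE = { "bio" => "</script><p>R&D</p>" }.freeze

if __FILE__ == $PROGRAM_NAME
  puts "plain:   #{JSON.generate(SAMPLE)}"
  puts "encoded: #{entity_encode_json(SAMPLE)}"
  puts "round-trip ok: #{JSON.parse(entity_encode_json(SAMPLE)) == SAMPLE}"
end
```

The encoded output contains no `<`, `>`, `&` or `</` sequence, so an HTML parser cannot treat any part of it as markup, while a JSON parser still recovers the original string.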