flavio / qjson

QJson is a Qt-based library that maps JSON data to QVariant objects.
http://qjson.sourceforge.net
GNU Lesser General Public License v2.1

QJson does not escape control characters when sanitizing strings #70

Closed robertknight closed 9 years ago

robertknight commented 9 years ago

As per RFC 4627, section 2.5, control characters must be escaped when encoding strings in JSON documents:

> All Unicode characters may be placed within the quotation marks except for the characters that must be escaped: quotation mark, reverse solidus, and the control characters (U+0000 through U+001F).

Serializer::SerializerPrivate::sanitizeString escapes all characters >= 128, backslashes, quotes, tabs and new lines but not control characters.
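
The escaping rule quoted above, as an added example that is not part of the original issue and is not QJson's code. It uses plain `std::string` instead of Qt types; the names `escapeJsonString` and `hasRawControlChar` are hypothetical, and bytes >= 0x80 are assumed to be valid UTF-8 and are passed through unchanged.

```cpp
#include <cstdio>
#include <string>

// Escape a UTF-8 byte string for use as a JSON string literal.
// Every byte in U+0000..U+001F is escaped, not only tab and newline.
std::string escapeJsonString(const std::string& in) {
    std::string out;
    out.reserve(in.size() + 2);
    out += '"';
    for (unsigned char c : in) {
        switch (c) {
            case '"':  out += "\\\""; break;
            case '\\': out += "\\\\"; break;
            case '\b': out += "\\b";  break;
            case '\f': out += "\\f";  break;
            case '\n': out += "\\n";  break;
            case '\r': out += "\\r";  break;
            case '\t': out += "\\t";  break;
            default:
                if (c < 0x20) {
                    // Remaining control characters have no short form.
                    char buf[7];  // "\uXXXX" plus terminating NUL
                    std::snprintf(buf, sizeof buf, "\\u%04x",
                                  static_cast<unsigned>(c));
                    out += buf;
                } else {
                    out += static_cast<char>(c);  // ASCII or UTF-8 byte
                }
        }
    }
    out += '"';
    return out;
}

// Check for serializer output: true if a raw control byte survived.
bool hasRawControlChar(const std::string& json) {
    for (unsigned char c : json)
        if (c < 0x20) return true;
    return false;
}

int main() {
    // Constructed sample: embedded NUL, ESC (0x1b), tab and quotes.
    const std::string sample = std::string("a") + '\0' + "b\x1b[0m\t\"q\"";
    const std::string json = escapeJsonString(sample);
    std::printf("%s\nraw control bytes left: %s\n", json.c_str(),
                hasRawControlChar(json) ? "yes" : "no");
    return 0;
}
```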

drizt commented 9 years ago

RFC 4627 is obsolete. Look at RFC 7159.

robertknight commented 9 years ago

@drizt True, but RFC 7159 Section 7 has exactly the same wording as the earlier RFC.

drizt commented 9 years ago

Yes.