mauricedw22 / x2js

Automatically exported from code.google.com/p/x2js
1 stars 2 forks source link

Conversion doesn't escape reserved characters #7

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago

When converting JSON to an XML string, I found that reserved XML characters 
within the JSON tokens are not getting escaped. Can cause bad things to happen.

Haven't looked into it so I don't know if it's and issue, but you might want to 
check that you are escaping reserved JSON characters when converting from XML 
as well.

I can understand this might cause problems though if the tokens are already 
escaped, so you might want to make it an optional feature.

underscore.js has an escaping function for reference.

Original issue reported on code.google.com by reube...@gmail.com on 6 Jan 2013 at 4:29

GoogleCodeExporter commented 8 years ago
Basic XML character escaping functionality is available in v1.0.10.
It will be great if you could test it in your environment. Thanks!

Original comment by abdulla....@gmail.com on 6 Jan 2013 at 12:26

GoogleCodeExporter commented 8 years ago
Wow. That was fast o__O

It almost works, but not quite. It needs to check that the tokens being escaped 
are actually strings before it does so. I have some bool values in the object 
I'm testing with, and when the xml escaping is enabled, the console output is:

TypeError: str.replace is not a function

If I test with only strings it works fine. Any other type causes problems.

You probably want to add a check like:

if(typeof(str) != "string")

before trying to escape it.

Original comment by reube...@gmail.com on 7 Jan 2013 at 4:19

GoogleCodeExporter commented 8 years ago
Wow. That was fast o__O

It almost works, but not quite. It needs to check that the tokens being escaped 
are actually strings before it does so. I have some bool values in the object 
I'm testing with, and when the xml escaping is enabled, the console output is:

TypeError: str.replace is not a function

If I test with only strings it works fine. Any other type causes problems.

You probably want to add a check like:

if(typeof(str) != "string")

before trying to escape it.

Original comment by reube...@gmail.com on 7 Jan 2013 at 4:20

GoogleCodeExporter commented 8 years ago
er, that should be something more like

if(typeof(str) == "string")

Original comment by reube...@gmail.com on 7 Jan 2013 at 4:23

GoogleCodeExporter commented 8 years ago
Fixed in v1.0.11. Thank you for additional check!

Original comment by abdulla....@gmail.com on 7 Jan 2013 at 11:25