Open cronix111 opened 8 years ago
Plugin builds json but does not escape json special characters which can cause problems with data containing quotation.
E.g. procedure's node_json line looks like
l_clob :='{"data":{"title":"'||p_name||'","attr":{"href":"'||NVL(p_link, '#')||'"}';
and if it was escaping it would look something like
l_clob :='{"data":{"title":"'||json_escape(p_name)||'","attr":{"href":"'||NVL(json_escape(p_link), '#')||'"}';
Plugin builds json but does not escape json special characters which can cause problems with data containing quotation.
E.g. procedure's node_json line looks like
l_clob :='{"data":{"title":"'||p_name||'","attr":{"href":"'||NVL(p_link, '#')||'"}';
and if it was escaping it would look something like
l_clob :='{"data":{"title":"'||json_escape(p_name)||'","attr":{"href":"'||NVL(json_escape(p_link), '#')||'"}';