Fix JSON encoding of PhutilSafeHTML for browser consumption

Summary:
If you run this code:

  json_encode(array('tag' => phutil_tag('div', array())));

...you get this result, because json_encode() does not call toString() on objects:

  {"tag":{}}

Instead, convert such objects to their underlying strings. Javelin has support for JX.HTML and for implicit conversion (which is kind of sketchy for other reasons) but it's sort of complicated (only happens on Ajax, not behaviors) and messy (not metadata-based), so ignore it for now.

We'll need to do something similar for serialization to the database. My plan there is just to throw on any objects. The only time we put HTML in the database is cache-related and those tiny number of callsites can manually handle it.

Test Plan: Various ajax things now receive the correct data.

Reviewers: vrana

Reviewed By: vrana

CC: aran

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4684

Author: epriestley

externals/javelinjs/src/lib/DOM.js

@@ -87,7 +87,18 @@ JX.$ = function(id) {
 JX.install('HTML', {
 
   construct : function(str) {
+    if (str instanceof JX.HTML) {
+      this._content = str._content;
+      return;
+    }
+
     if (__DEV__) {
+      if ((typeof str !== 'string') && (!str || !str.match)) {
+        JX.$E(
+          'new JX.HTML(<empty?>): ' +
+          'call initializes an HTML object with an empty value.');
+      }
+
       var tags = ['legend', 'thead', 'tbody', 'tfoot', 'column', 'colgroup',
                   'caption', 'tr', 'th', 'td', 'option'];
       var evil_stuff = new RegExp('^\\s*<(' + tags.join('|') + ')\\b', 'i');

src/aphront/response/AphrontResponse.php

@@ -54,7 +54,21 @@ public function setFrameable($frameable) {
     return $this;
   }
 
-  protected function encodeJSONForHTTPResponse(array $object) {
+  public static function processValueForJSONEncoding(&$value, $key) {
+    if ($value instanceof PhutilSafeHTML) {
+      // TODO: Javelin supports implicity conversion of '__html' objects to
+      // JX.HTML, but only for Ajax responses, not behaviors. Just leave things
+      // as they are for now (where behaviors treat responses as HTML or plain
+      // text at their discretion).
+      $value = $value->getHTMLContent();
+    }
+  }
+
+  public static function encodeJSONForHTTPResponse(array $object) {
+
+    array_walk_recursive(
+      $object,
+      array('AphrontResponse', 'processValueForJSONEncoding'));
 
     $response = json_encode($object);
 

src/infrastructure/celerity/CelerityStaticResourceResponse.php

@@ -128,7 +128,8 @@ private function renderResource(array $resource) {
   public function renderHTMLFooter() {
     $data = array();
     if ($this->metadata) {
-      $json_metadata = json_encode($this->metadata);
+      $json_metadata = AphrontResponse::encodeJSONForHTTPResponse(
+        $this->metadata);
       $this->metadata = array();
     } else {
       $json_metadata = '{}';
@@ -164,7 +165,9 @@ public function renderHTMLFooter() {
         if (!$group) {
           continue;
         }
-        $onload[] = 'JX.initBehaviors('.json_encode($group).')';
+        $group_json = AphrontResponse::encodeJSONForHTTPResponse(
+          $group);
+        $onload[] = 'JX.initBehaviors('.$group_json.')';
       }
     }