Added option to do entity encoding #187

Merged
merged 1 commit into from Jul 27, 2018

eileencodes commented Jul 20, 2018

This adds a feature to support entity encoding to escape characters that
can be used in XSS attacks. This is to match the behavior in
ActiveSupport::JSON. The purpose of matching AS::JSON behavior is so we
can replace it with Yajl so we can use the faster version.

Worked on this with @tenderlove to add the same support we have in ActiveSupport::JSON

cc/ @rafaelfranca @jeremy
cc/ @brianmario

rafaelfranca commented Jul 20, 2018

Should we also take care of the /? https://github.com/flori/json/pull/235/files

tenderlove commented Jul 23, 2018

> Should we also take care of the /?

Ah, yes we should

Added option to do entity encoding
This adds a feature to support entity encoding to escape characters that
can be used in XSS attacks. This is to match the behavior in
ActiveSupport::JSON. The purpose of matching AS::JSON behavior is so we
can replace it with Yajl so we can use the faster version.

Co-authored-by: Aaron Patterson <aaron.patterson@gmail.com>
eileencodes commented Jul 26, 2018

I added support for encoding slashes and force pushed 👍
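
What entity encoding changes when JSON is placed inside an HTML page, as an added Ruby example that is not code from this pull request or from yajl-ruby. It uses the standard `json` library and a hypothetical helper `encode_with_entities`; the escape table is an assumption modelled on the characters ActiveSupport::JSON escapes plus the `/` raised in the thread, and the sample input is constructed.

```ruby
require "json"

# Assumed escape table for this illustration (not read from the patch):
# <, >, & and the U+2028/U+2029 separators as ActiveSupport::JSON escapes
# them, plus "/" as discussed in the review.
ENTITY_ESCAPES = {
  "<" => '\u003c',
  ">" => '\u003e',
  "&" => '\u0026',
  "/" => '\/',
  "\u2028" => '\u2028',
  "\u2029" => '\u2029'
}.freeze
ENTITY_PATTERN = Regexp.union(ENTITY_ESCAPES.keys)

# Hypothetical helper: serialize, then rewrite the risky characters.
# In generated JSON these characters occur only inside string literals,
# so rewriting the output text never alters the document structure.
def encode_with_entities(obj)
  JSON.generate(obj).gsub(ENTITY_PATTERN, ENTITY_ESCAPES)
end

# Would this JSON text end an inline <script> block if written into HTML?
def closes_script_block?(json_text)
  json_text.match?(%r{</script}i)
end

# Constructed sample: a user-controlled value containing markup.
SAMPLE = { "bio" => "</script><p>R&D</p>\u2028" }.freeze

def demo
  plain = JSON.generate(SAMPLE)
  safe  = encode_with_entities(SAMPLE)
  {
    plain_closes_script: closes_script_block?(plain), # HTML parser sees </script>
    safe_closes_script:  closes_script_block?(safe),  # no raw "<" left in output
    round_trips:         JSON.parse(safe) == SAMPLE,  # same data after decoding
    safe:                safe
  }
end

puts demo if __FILE__ == $PROGRAM_NAME
```

The escaped form is still valid JSON and decodes to the same value, which is why the encoder can apply it without any change on the consuming side.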

brianmario commented Jul 27, 2018

@brianmario brianmario merged commit 4a0fb0b into brianmario:master Jul 27, 2018

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed

@eileencodes eileencodes deleted the eileencodes:escape-entities branch Jul 27, 2018
