Utils: escapeSpecialChars now handles escape sequences that may break…

… JSON.parse() Data posted by the client may contain stacktraces and other strings that contain escape sequences such as \n. escapeSpecialChars now handles a wider set of whitespace escape sequences that would otherwise break JSON.parse. May require support for more escape chars, but this might suffice for most cases. Fixes #99
browserstack · Aug 9, 2015 · 4b334b5 · 4b334b5
1 parent fbfbc4b
commit 4b334b5
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 5 deletions.
diff --git a/lib/utils.js b/lib/utils.js
@@ -7,7 +7,13 @@ var Log = require('./logger'),
 
 String.prototype.escapeSpecialChars = function() {
   return this.replace(/\n/g, '\\n')
-  .replace(/\\\'/, '\'');
+  .replace(/\r/g, '\\r')
+  .replace(/\t/g, '\\t')
+  .replace(/\f/g, '\\f')
+  .replace(/\u0008/g, '\\u0008')  // \b
+  .replace(/\v/g, '\\u000b')      // \v
+  .replace(/\0/g, '\\u0000')      // \0
+  .replace(/\\\'/, '\'');         // TODO: check why this exists
 };
 
 var titleCase = function toTitleCase(str) {

diff --git a/tests/unit/utils_spec.js b/tests/unit/utils_spec.js
@@ -6,7 +6,7 @@ describe('Utilities', function(){
     assert.equal("Hello", utils.titleCase("hello"));
     assert.equal("Are You Serious?", utils.titleCase("are you serious?"));
   });
-  
+
   it('should generate 32 char uuid', function(){
     assert.equal(5, utils.uuid().split("-").length);
     assert.equal(32 + 4, utils.uuid().length);
@@ -16,24 +16,36 @@ describe('Utilities', function(){
     assert.notEqual(utils.uuid(), utils.uuid());
     assert.notEqual(utils.uuid(), utils.uuid());
   });
-  
+
   it('should generate proper browser string for config', function(){
     var chrome_mac = {os: "OS X", os_version: "Mavericks", "browser": "chrome", "browser_version": "latest"};
     var chrome_windows = {os: "Windows", os_version: "XP", "browser": "chrome", "browser_version": "latest"};
     // var safari_mac = {os: "OS X", os_version: "Mountain Lion", "browser": "safari", "browser_version": "6.1"};
     var ie_windows = {os: "Windows", os_version: "7", "browser": "ie", "browser_version": "9.0"};
     var iOS = {os: "iOS", os_version: "6.0", device: "iPhone 5"};
     var androidConfig = {os: "android", os_version: "4.1"};
-    
+
     assert.equal("OS X Mavericks, Chrome latest", utils.browserString(chrome_mac));
     assert.equal("Windows XP, Chrome latest", utils.browserString(chrome_windows));
     assert.equal("Windows 7, Internet Explorer 9.0", utils.browserString(ie_windows));
     assert.equal("iOS 6.0, iPhone 5", utils.browserString(iOS));
     assert.equal("android 4.1", utils.browserString(androidConfig));
   });
-  
+
   it('should return number of keys for this object', function(){
     assert.equal(0, utils.objectSize({}));
     assert.equal(1, utils.objectSize({a: 2}));
   });
+
+  it('should escape special characters incompatible with JSON.parse', function () {
+    var testString = '{"tracebacks":[{"actual":null,"message":"Died on test #1     at http://localhost:8888/test/main/globals.js:43:7\n    at http://localhost:8888/test/main/globals.js:67:2: Error","testName":"globals: Exported assertions"}]}';
+    var expectString = '{"tracebacks":[{"actual":null,"message":"Died on test #1     at http://localhost:8888/test/main/globals.js:43:7\\n    at http://localhost:8888/test/main/globals.js:67:2: Error","testName":"globals: Exported assertions"}]}';
+
+    var malformedJson = '{ "key" : "Bad\njson contains\rall\tsorts\bof\vhorrible\0 & nasty\fescape sequences" }';
+    var expectJson = { "key" : "Bad\njson contains\rall\tsorts\bof\u000bhorrible\u0000 & nasty\fescape sequences" };
+
+    assert.throws(function () { JSON.parse(testString); }, SyntaxError, 'JSON.parse fails');
+    assert.equal(testString.escapeSpecialChars(), expectString);
+    assert.equal(JSON.parse(malformedJson.escapeSpecialChars()).key, expectJson.key);
+  });
 });