HTMLEncode strings in wddx_serialize_value()

Summary: Strings returned through wddx_serialize_value should be HTMLEncode()'d during
serialization.

Fixes #4283

{sync, type="child", parent="internal", parentrevid="1691695", parentrevfbid="1537976659780590", parentdiffid="5726084"}

Reviewed By: @JoelMarcey

Differential Revision: D1691695

Signature: t1:1691695:1416530595:722bfcdaf7c0dbee379bea886cd4c43d997ca7dd
paulbiss authored and hhvm-bot committed Nov 21, 2014
1 parent d81ad6e commit 324701c9fd31beb4f070f1b7ef78b115fbdfec34
@@ -126,9 +126,13 @@ bool WddxPacket::recursiveAddVar(const String& varName,
std::string varType = getDataTypeString(varVariant.getType()).data();
if (!getWddxEncoded(varType, "", varName, false).empty()) {
std::string varValue = varVariant.toString().data();
std::string varValue;
if (varType.compare("boolean") == 0) {
varValue = varVariant.toBoolean() ? "true" : "false";
} else {
varValue = StringUtil::HtmlEncode(varVariant.toString(),
StringUtil::QuoteStyle::Double,
"UTF-8", false, false).toCppString();
}
m_packetString += getWddxEncoded(varType, varValue, varName, hasVarTag);
return true;
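Review bot: varName is still passed to getWddxEncoded unencoded in both calls in this hunk, while only varValue goes through StringUtil::HtmlEncode. If getWddxEncoded writes the name into the packet markup, a key containing &, < or a quote character would still yield a malformed packet, so the name should get the same encoding here or inside getWddxEncoded. Two smaller points on the HtmlEncode call: the trailing `false, false` arguments are unlabelled and would read better with inline comments naming each parameter, and QuoteStyle::Double leaves single quotes untouched, which is worth a comment given the packet uses single-quoted attributes (version='1.0').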
@@ -0,0 +1,5 @@
<?php
$s = wddx_serialize_value("Test for &");
var_dump($s);
$d = wddx_deserialize($s);
var_dump($d);
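Review bot: the test string "Test for &" covers only one of the characters the encoder handles, and only as a top-level string. Please add cases for <, >, double and single quotes, and an already-encoded sequence such as "&amp;", plus a string nested in an array, and check that wddx_deserialize returns each input unchanged so the round trip is covered for every branch of recursiveAddVar that emits a value.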
@@ -0,0 +1,2 @@
string(92) "<wddxPacket version='1.0'><header/><data><string>Test for &amp;</string></data></wddxPacket>"
string(10) "Test for &"
