Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Conversion doesn't escape reserved characters #7

Closed
GoogleCodeExporter opened this issue Nov 9, 2015 · 5 comments
Closed

Conversion doesn't escape reserved characters #7

GoogleCodeExporter opened this issue Nov 9, 2015 · 5 comments
Labels
auto-migrated Priority-Medium Type-Defect

Comments

@GoogleCodeExporter
Copy link 


When converting JSON to an XML string, I found that reserved XML characters 
within the JSON tokens are not getting escaped. Can cause bad things to happen.

Haven't looked into it so I don't know if it's and issue, but you might want to 
check that you are escaping reserved JSON characters when converting from XML 
as well.

I can understand this might cause problems though if the tokens are already 
escaped, so you might want to make it an optional feature.

underscore.js has an escaping function for reference.

Original issue reported on code.google.com by reube...@gmail.com on 6 Jan 2013 at 4:29
@GoogleCodeExporter
Copy link
Author 

Basic XML character escaping functionality is available in v1.0.10.
It will be great if you could test it in your environment. Thanks!

Original comment by abdulla....@gmail.com on 6 Jan 2013 at 12:26

  • Changed state: Done

@GoogleCodeExporter
Copy link
Author 

Wow. That was fast o__O

It almost works, but not quite. It needs to check that the tokens being escaped 
are actually strings before it does so. I have some bool values in the object 
I'm testing with, and when the xml escaping is enabled, the console output is:

TypeError: str.replace is not a function

If I test with only strings it works fine. Any other type causes problems.

You probably want to add a check like:

if(typeof(str) != "string")

before trying to escape it.

Original comment by reube...@gmail.com on 7 Jan 2013 at 4:19

@GoogleCodeExporter
Copy link
Author 

Wow. That was fast o__O

It almost works, but not quite. It needs to check that the tokens being escaped 
are actually strings before it does so. I have some bool values in the object 
I'm testing with, and when the xml escaping is enabled, the console output is:

TypeError: str.replace is not a function

If I test with only strings it works fine. Any other type causes problems.

You probably want to add a check like:

if(typeof(str) != "string")

before trying to escape it.

Original comment by reube...@gmail.com on 7 Jan 2013 at 4:20

@GoogleCodeExporter
Copy link
Author 

er, that should be something more like


if(typeof(str) == "string")

Original comment by reube...@gmail.com on 7 Jan 2013 at 4:23

@GoogleCodeExporter
Copy link
Author 

Fixed in v1.0.11. Thank you for additional check!

Original comment by abdulla....@gmail.com on 7 Jan 2013 at 11:25

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
auto-migrated Priority-Medium Type-Defect
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@GoogleCodeExporter