Unexpected character #to_json #14032

Closed
ggoral opened this Issue Feb 12, 2014 · 6 comments


ggoral commented Feb 12, 2014

irb(main):002:0> '&'.to_json
=> ""\u0026""

Owner

rafaelfranca commented Feb 12, 2014

What is your expected behavior?

I saw you are using irb, is this a Rails bug?

Owner

rafaelfranca commented Feb 12, 2014

Which Rails version are you using?

How can I reproduce it?

Member

chancancode commented Feb 12, 2014

This is the correct behaviour – escape_html_entities_in_json is turned on by default as a security measure. If this is causing problems, you can turn it off by setting config.active_support.escape_html_entities_in_json to false.

However, this is unlikely to cause problems, because according to the JSON spec this is perfectly valid and should be treated as identical to '&' by all conforming browsers. Where are you running into issues with this?

ggoral commented Feb 12, 2014

Hi Guys,

Sorry, I was looking for a solution to this problem. This problem occurred with the ActiveSupport 4.0.2 upgrade.

Repository is: https://github.com/ggoral/resource-booking-system.git
In bash run:

$ bundle exec rake console
irb(main):001:0> '&'.to_json
=> ""\u0026""

Following the error leads to the #to_json override:
https://github.com/rails/rails/blob/master/activesupport/lib/active_support/core_ext/object/json.rb#L29-L43

@rafaelfranca it is not a Rails application; the app depends on ActiveRecord, which in turn depends on ActiveSupport, which overrides the #to_json method.

@chancancode "ActiveSupport.escape_html_entities_in_json = false" works! 👍

Thanks everyone!

Member

chancancode commented Feb 12, 2014

@ggoral Make sure you know what you're doing if you turned that off :) I think you shouldn't have to do that in pretty much any scenario, because again, when it comes to JSON, '&' and '\u0026' should be treated as identical according to the spec.

ggoral commented Feb 12, 2014

@chancancode Thank you for your clarification.
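
An added example, not part of the original thread and not Rails' own code: it checks the point made above that '&' and '\u0026' decode to the same JSON value, using only Ruby's standard json library. `to_json_html_escaped` is a hypothetical stand-in for the escaping that escape_html_entities_in_json enables (assumed here to cover `&`, `<` and `>`), and the sample data is constructed.

```ruby
require 'json'

# Hypothetical stand-in for the escaping that ActiveSupport applies when
# escape_html_entities_in_json is on. Not ActiveSupport's implementation.
# Single-quoted literals keep the backslash, so each value is six characters.
HTML_ESCAPES = { '&' => '\u0026', '<' => '\u003c', '>' => '\u003e' }.freeze

# Serialize with the standard library, then rewrite HTML-significant characters
# as \uXXXX escapes. These characters can only occur inside JSON strings
# (they are not structural JSON tokens), so a global substitution is safe.
def to_json_html_escaped(value)
  JSON.generate(value).gsub(/[&<>]/, HTML_ESCAPES)
end

# True if the serialized text still contains a raw HTML-significant character.
def html_significant?(json_text)
  json_text.match?(/[&<>]/)
end

# Compare plain and escaped serializations of a constructed sample record.
def compare_serializations
  sample  = { 'title' => 'Tom & Jerry', 'rule' => 'a < b > c' } # constructed
  plain   = JSON.generate(sample)
  escaped = to_json_html_escaped(sample)
  {
    plain: plain,
    escaped: escaped,
    raw_html_chars_in_plain: html_significant?(plain),
    raw_html_chars_in_escaped: html_significant?(escaped),
    # A conforming parser decodes both texts to the same Ruby object.
    decode_identically: JSON.parse(plain) == JSON.parse(escaped)
  }
end

if __FILE__ == $PROGRAM_NAME
  compare_serializations.each { |key, value| puts "#{key}: #{value}" }
end
```

The escaped text is longer on the wire but decodes to the same value, so a consumer that uses a real JSON parser sees no difference; only code that compares serialized strings byte for byte will notice the change.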
