Reserved characters in payload

[kzangeli]

Description

We need to escape all reserved characters in the payload.

This issue will need some discussion before implementing.

Effort: 5 man day

[kzangeli]

A temptative list of JSON chars to escape:

\" Standard JSON quote
\\ Backslash (Escape char)
\/ Forward slash
\b Backspace (ascii code 08)
\f Form feed (ascii code 0C)
\n Newline
\r Carriage return
\t Horizontal Tab
\u four-hex-digits

And XML:

>   (Greater than)     >
<   (Less than)        &lt;
&   (Ampersand)        &amp;
%   (Percent)          &#37;
'   (Single Quote)     &apos;
"   (Double Quote)     &quot;

[fgalan]

Ups, sorry for the early close... wrong click in the github interface :$

[fgalan]

In http://www.w3schools.com/xml/xml_syntax.asp the "%" is not mentioned as forbidden character in XML...

[kzangeli]

There are many lists out there on what must be escaped and not.
The one that starts with this issue (or all of us) will have to do some investigation.

[fgalan]

The "final word" would be in the XML specification itself... but it could be a nightmare review that document.

[kzangeli]

Yeah, but not only.
We need the ones for JSON as well, and escape all these chars before storing in mongo and perhaps unescape differently depending on whether the response is in JSON or XML.
As I mentioned, this is not trivial.

[fgalan]

Increase importance level to MUST (after realizing this issue may be related with cross-scripting)

[fgalan]

This issue is being closed in favour of #619