Lucee Development / LDEV-811

serializeJSON() doesn't escape control characters

    Details

    • Type: Bug
    • Status: Deployed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 5.1.1.3
    • Labels:
      None
    • Sprint:
      August 2017 Sprint

      Description

      This report from Sean Corfield via CFML Slack:

      ASCII values 0x00-0x1F and 0x7F. Those should be encoded as `\u00nn` by `serializeJSON()`
      We had text with an 0x12 (DC2) control character in it and our iOS app choked.
      When we all dug into it, the JSON returned (containing the raw 0x12 character) would not validate and StackOverflow has plenty of questions about iOS and control characters — and the fix in every case was proper encoding with `\u00xx`.
      So I switched out `serializeJSON()` with a call to a Java (Clojure) library instead and that solved the problem.
      This is the repro case http://trycf.com/gist/cb3edaa4869276fe1dea15484efa4581/lucee?theme=monokai
      It should produce `"I don\u0012t know!"`.
      The various Java and Clojure libraries I tried all got this right.

      Here's the code from his repro case:

      writedump(serializeJSON("I don" & chr(18) & "t know!"));
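
The check and encoding the report asks for, as an added Python example (not Lucee's code and not the fix that shipped in 5.1.1.3): it locates raw 0x00-0x1F and 0x7F characters inside the string literals of already-serialized JSON and rewrites them as `\u00nn`, leaving whitespace between tokens alone. The function names and the sample string are constructed for illustration.

```python
import json

def find_raw_control_chars(serialized):
    """Return (offset, code point) for each raw control char inside a JSON string literal."""
    hits, in_string, escaped = [], False, False
    for i, ch in enumerate(serialized):
        if not in_string:
            in_string = ch == '"'      # whitespace between tokens is legal, skip it
        elif escaped:                  # character after a backslash belongs to an escape
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == '"':
            in_string = False
        elif ord(ch) < 0x20 or ord(ch) == 0x7F:   # the range listed in the report
            hits.append((i, ord(ch)))
    return hits

def escape_control_chars(serialized):
    """Rewrite each raw control character found above as a \\u00nn escape."""
    out, last = [], 0
    for offset, code in find_raw_control_chars(serialized):
        out.append(serialized[last:offset])
        out.append("\\u%04x" % code)
        last = offset + 1
    out.append(serialized[last:])
    return "".join(out)

def parses(serialized):
    """True if a strict JSON parser accepts the text."""
    try:
        json.loads(serialized)
        return True
    except json.JSONDecodeError:
        return False

# Constructed sample: serialized output containing a raw 0x12 (DC2), as in the repro case.
BROKEN = '"I don' + chr(18) + 't know!"'
FIXED = escape_control_chars(BROKEN)

if __name__ == "__main__":
    print(find_raw_control_chars(BROKEN))   # where the raw character sits
    print(parses(BROKEN), parses(FIXED))    # strict parser before and after
    print(FIXED)
```

The same scan can run as a regression test on API responses, so a serializer that emits raw control characters is caught before a strict client rejects the payload.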
      


            People

            • Assignee: 21solutions Igal Sapir
            • Reporter: bdw429s Brad Wood
            • Votes: 3
            • Watchers: 4