Commit 92efec6e authored by webchick's avatar webchick
Browse files

#479368 by Heine and asimmonds: Fixed drupal_to_js() provides bad unicode conversions.

parent 059d9eb6
......@@ -4389,7 +4389,7 @@ function drupal_clear_js_cache() {
*/
function drupal_json_encode($var) {
// json_encode() does not escape <, > and &, so we do it with str_replace().
return str_replace(array('<', '>', '&'), array('\x3c', '\x3e', '\x26'), json_encode($var));
return str_replace(array('<', '>', '&'), array('\u003c', '\u003e', '\u0026'), json_encode($var));
}
/**
......@@ -4399,8 +4399,7 @@ function drupal_json_encode($var) {
* @ingroup php_wrappers
*/
function drupal_json_decode($var) {
// json_decode() does not unescape <, > and &, so we do it with str_replace().
return json_decode(str_replace(array('\x3c', '\x3e', '\x26'), array('<', '>', '&'), $var), TRUE);
return json_decode($var, TRUE);
}
/**
......
......@@ -1802,6 +1802,7 @@ class DrupalJSONTest extends DrupalUnitTestCase {
}
// Characters that must be escaped.
$html_unsafe = array('<', '>', '&');
$html_unsafe_escaped = array('\u003c', '\u003e', '\u0026');
// Verify there aren't character encoding problems with the source string.
$this->assertIdentical(strlen($str), 128, t('A string with the full ASCII table has the correct length.'));
......@@ -1824,6 +1825,10 @@ class DrupalJSONTest extends DrupalUnitTestCase {
foreach ($html_unsafe as $char) {
$this->assertTrue(strpos($json, $char) === FALSE, t('A JSON encoded string does not contain @s.', array('@s' => $char)));
}
// Verify that JSON encoding escapes the HTML unsafe characters
foreach ($html_unsafe_escaped as $char) {
$this->assertTrue(strpos($json, $char) > 0, t('A JSON encoded string contains @s.', array('@s' => $char)));
}
$json_decoded = drupal_json_decode($json);
$this->assertNotIdentical($source, $json, t('An array encoded in JSON is not identical to the source.'));
$this->assertIdentical($source, $json_decoded, t('Encoding structured data to JSON and decoding back results in the original data.'));
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment