318987 – Response-Strings in BrowserFunctions should be escaped

Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 318987 - Response-Strings in BrowserFunctions should be escaped

Summary: Response-Strings in BrowserFunctions should be escaped

Status:	RESOLVED FIXED

Alias:	None

Product:	RAP
Classification:	RT
Component:	RWT (show other bugs)
Version:	unspecified
Hardware:	All All

Importance:	P3 major (vote)
Target Milestone:	1.4 M1
Assignee:	Project Inbox
QA Contact:

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2010-07-06 05:51 EDT by Philipp Leusmann
Modified:	2010-08-16 05:01 EDT (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Philipp Leusmann

2010-07-06 05:51:55 EDT

Build Identifier: RAP 1.3

When returning String containing "-characters, these lead to javascript-erros. At least "-characters should be escaped.
Probably the same algorithm as in org.apache.commons.lang.StringEscapeUtils.escapeJava(String) from Commons-Lang could be used.

Reproducible: Always

Steps to Reproduce:
Just create a BrowserFunction and return new String("test \" test"). untested, but should do the trick

Comment 1 Philipp Leusmann

2010-07-06 06:05:07 EDT

org.apache.commons.lang.StringEscapeUtils.escapeJavaScript(String) would be better

Comment 2 Ivan Furnadjiev

2010-07-06 09:10:08 EDT

The double quote character is now escaped.

Comment 3 Philipp Leusmann

2010-07-30 13:18:07 EDT

What about the other characters?

Cite from the StringEscaptUtils#escapeEcmaScript JavaDoc (renamed from escapeJavaScript):

Escapes any values it finds into their EcmaScript String form. Deals correctly with quotes and control-chars (tab, backslash, cr, ff, etc.)

So a tab becomes the characters '\\' and 't'.

The only difference between Java strings and EcmaScript strings is that in EcmaScript, a single quote and forward-slash (/) are escaped.

Comment 4 Ivan Furnadjiev

2010-08-12 08:08:20 EDT

Philipp, I've just tested the tab character (\t) and it is properly visualized without escaping - no javascript errors. Do you have any particular problems with some characters?

Comment 5 Philipp Leusmann

2010-08-16 04:44:49 EDT

Ivan,

I did not personally check all characters mentioned, but I assumed they had good reasons to escape the chosen characters.
I guess the most important characters are " and '

Comment 6 Ivan Furnadjiev

2010-08-16 05:01:14 EDT

Philipp,  " and ' work... I don't think that it's necessary to escape something that is working without escaping. If you have a particular problem with some other characters, please reopen the bug.