[ 
https://issues.apache.org/jira/browse/CXF-8555?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17367826#comment-17367826
 ] 

Andriy Redko edited comment on CXF-8555 at 6/23/21, 2:43 AM:
-------------------------------------------------------------

Hey [~coheigea] , yeah, the JSON specification, RFC-8259, [1] is not very 
intuitive, however this is what it says regarding representing strings:
{code:java}
 string = quotation-mark *char quotation-mark      char = unescaped /
          escape (
              %x22 /          ; "    quotation mark  U+0022
              %x5C /          ; \    reverse solidus U+005C
              %x2F /          ; /    solidus         U+002F
              %x62 /          ; b    backspace       U+0008
              %x66 /          ; f    form feed       U+000C
              %x6E /          ; n    line feed       U+000A
              %x72 /          ; r    carriage return U+000D
              %x74 /          ; t    tab             U+0009
              %x75 4HEXDIG )  ; uXXXX                U+XXXX      
escape = %x5C              ; \      
quotation-mark = %x22      ;
unescaped = %x20-21 / %x23-5B / %x5D-10FFFF {code}
In the nutshell, the `"` and "\" and "/" have to be escaped (plus a few more). 
With respect to the example provided by [~Albert966] , the correct escaped JSON 
representation of the
{code:java}
http://localhost:8080 {code}
would be
{code:java}
http:\/\/localhost:8080{code}
It looks like we need a bit more complicated solution which should skip over 
the sequences which are already escaped, but escape the required ones. Getting 
back to the example provided, it looks like the value:
{code:java}
http:\/\/localhost:8080 {code}
is already correctly escaped (nonetheless we replace `\` with double `\`), but 
if we take for example another variant:
{code:java}
 http:\//localhost:8080 {code}
we should escape the second slash only, so it becomes
{code:java}
 http:\/\/localhost:8080 {code}
What do you think, does it make sense? 
 Thank you!

[1] [https://datatracker.ietf.org/doc/html/rfc8259]


was (Author: reta):
Hey [~coheigea] , yeah, the JSON specification, RFC-8259, [1] is not very 
intuitive, however this is what it says regarding representing strings:
{code:java}
 string = quotation-mark *char quotation-mark      char = unescaped /
          escape (
              %x22 /          ; "    quotation mark  U+0022
              %x5C /          ; \    reverse solidus U+005C
              %x2F /          ; /    solidus         U+002F
              %x62 /          ; b    backspace       U+0008
              %x66 /          ; f    form feed       U+000C
              %x6E /          ; n    line feed       U+000A
              %x72 /          ; r    carriage return U+000D
              %x74 /          ; t    tab             U+0009
              %x75 4HEXDIG )  ; uXXXX                U+XXXX      
escape = %x5C              ; \      
quotation-mark = %x22      ;
unescaped = %x20-21 / %x23-5B / %x5D-10FFFF {code}
In the nutshell, the `"` and "\" and "/" have to be escaped (plus a few more). 
With respect to the example provided by [~Albert966] , the correct escaped JSON 
representation of the
{code:java}
http://localhost:8080 {code}
would be
{code:java}
http:\/\/localhost:8080{code}
It looks like we need a bit more complicated solution which should skip over 
the sequences which are already escaped, but escape the required ones. Getting 
back to the example provided, it looks like the value:
{code:java}
http:\/\/localhost:8080 {code}
is already correctly escaped (nonetheless we replace `\` double `\`), but if we 
take for example another variant:
{code:java}
 http:\//localhost:8080 {code}
we should escape the second slash only, so it becomes
{code:java}
 http:\/\/localhost:8080 {code}
What do you think, does it make sense? 
 Thank you!

[1] [https://datatracker.ietf.org/doc/html/rfc8259]

> JsonMapObjectReaderWriter escapes now any back slash
> ----------------------------------------------------
>
>                 Key: CXF-8555
>                 URL: https://issues.apache.org/jira/browse/CXF-8555
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS
>    Affects Versions: 3.4.4
>            Reporter: Jérôme cabaret
>            Priority: Major
>
> Since the correction 
> [CXF-8435|https://issues.apache.org/jira/browse/CXF-8435], any back-slash in 
> a claim value is duplicated. This correction that was supposed to escape only 
> double-quote, escapes now any existing back-slash (See line 371 of 
> JsonMapObjectReaderWriter class).



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to