[
https://issues.apache.org/jira/browse/CXF-8555?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17367826#comment-17367826
]
Andriy Redko edited comment on CXF-8555 at 6/23/21, 2:43 AM:
-------------------------------------------------------------
Hey [~coheigea] , yeah, the JSON specification, RFC-8259, [1] is not very
intuitive, however this is what it says regarding representing strings:
{code:java}
string = quotation-mark *char quotation-mark char = unescaped /
escape (
%x22 / ; " quotation mark U+0022
%x5C / ; \ reverse solidus U+005C
%x2F / ; / solidus U+002F
%x62 / ; b backspace U+0008
%x66 / ; f form feed U+000C
%x6E / ; n line feed U+000A
%x72 / ; r carriage return U+000D
%x74 / ; t tab U+0009
%x75 4HEXDIG ) ; uXXXX U+XXXX
escape = %x5C ; \
quotation-mark = %x22 ;
unescaped = %x20-21 / %x23-5B / %x5D-10FFFF {code}
In the nutshell, the `"` and "\" and "/" have to be escaped (plus a few more).
With respect to the example provided by [~Albert966] , the correct escaped JSON
representation of the
{code:java}
http://localhost:8080 {code}
would be
{code:java}
http:\/\/localhost:8080{code}
It looks like we need a bit more complicated solution which should skip over
the sequences which are already escaped, but escape the required ones. Getting
back to the example provided, it looks like the value:
{code:java}
http:\/\/localhost:8080 {code}
is already correctly escaped (nonetheless we replace `\` with double `\`), but
if we take for example another variant:
{code:java}
http:\//localhost:8080 {code}
we should escape the second slash only, so it becomes
{code:java}
http:\/\/localhost:8080 {code}
What do you think, does it make sense?
Thank you!
[1] [https://datatracker.ietf.org/doc/html/rfc8259]
was (Author: reta):
Hey [~coheigea] , yeah, the JSON specification, RFC-8259, [1] is not very
intuitive, however this is what it says regarding representing strings:
{code:java}
string = quotation-mark *char quotation-mark char = unescaped /
escape (
%x22 / ; " quotation mark U+0022
%x5C / ; \ reverse solidus U+005C
%x2F / ; / solidus U+002F
%x62 / ; b backspace U+0008
%x66 / ; f form feed U+000C
%x6E / ; n line feed U+000A
%x72 / ; r carriage return U+000D
%x74 / ; t tab U+0009
%x75 4HEXDIG ) ; uXXXX U+XXXX
escape = %x5C ; \
quotation-mark = %x22 ;
unescaped = %x20-21 / %x23-5B / %x5D-10FFFF {code}
In the nutshell, the `"` and "\" and "/" have to be escaped (plus a few more).
With respect to the example provided by [~Albert966] , the correct escaped JSON
representation of the
{code:java}
http://localhost:8080 {code}
would be
{code:java}
http:\/\/localhost:8080{code}
It looks like we need a bit more complicated solution which should skip over
the sequences which are already escaped, but escape the required ones. Getting
back to the example provided, it looks like the value:
{code:java}
http:\/\/localhost:8080 {code}
is already correctly escaped (nonetheless we replace `\` double `\`), but if we
take for example another variant:
{code:java}
http:\//localhost:8080 {code}
we should escape the second slash only, so it becomes
{code:java}
http:\/\/localhost:8080 {code}
What do you think, does it make sense?
Thank you!
[1] [https://datatracker.ietf.org/doc/html/rfc8259]
> JsonMapObjectReaderWriter escapes now any back slash
> ----------------------------------------------------
>
> Key: CXF-8555
> URL: https://issues.apache.org/jira/browse/CXF-8555
> Project: CXF
> Issue Type: Bug
> Components: JAX-RS
> Affects Versions: 3.4.4
> Reporter: Jérôme cabaret
> Priority: Major
>
> Since the correction
> [CXF-8435|https://issues.apache.org/jira/browse/CXF-8435], any back-slash in
> a claim value is duplicated. This correction that was supposed to escape only
> double-quote, escapes now any existing back-slash (See line 371 of
> JsonMapObjectReaderWriter class).
--
This message was sent by Atlassian Jira
(v8.3.4#803005)