base::EscapeJSONString() doesn't check for invalid Unicode code points
Reported by
sabbaku...@yandex-team.ru,
May 24 2017
|
||||
Issue descriptionUserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Steps to reproduce the problem: If you try to escape "\xF3\xBF\xBF\xBF" string it's not converted to "\xEF\xBF\xBD" as it's stated in the comments: https://cs.chromium.org/chromium/src/base/json/string_escape.h?sq&l=19 What is the expected behavior? What went wrong? The string isn't escaped properly. Did this work before? No Chrome version: 58.0.3029.110 Channel: dev OS Version: OS X 10.12.5 Flash Version:
,
May 24 2017
Can you provide us with a reproducible testcase for the ease of narrowing down the issue.
,
May 25 2017
I've made a patch that fixes this issue. You can find a unit test for that. https://codereview.chromium.org/2903773003/
,
May 26 2017
,
Jun 13 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/51d82b24af89da60880835f3032e2d508613f558 commit 51d82b24af89da60880835f3032e2d508613f558 Author: sabbakumov <sabbakumov@yandex-team.ru> Date: Tue Jun 13 04:28:13 2017 Escape invalid code points Make base::EscapeJSONString() to escape strings like "\xF3\xBF\xBF\xBF" (containing invalid Unicode code points) to be escaped as "\xEF\xBF\xBD". BUG= 725778 Review-Url: https://codereview.chromium.org/2903773003 Cr-Commit-Position: refs/heads/master@{#478900} [modify] https://crrev.com/51d82b24af89da60880835f3032e2d508613f558/base/json/string_escape.cc [modify] https://crrev.com/51d82b24af89da60880835f3032e2d508613f558/base/json/string_escape.h [modify] https://crrev.com/51d82b24af89da60880835f3032e2d508613f558/base/json/string_escape_unittest.cc
,
Feb 15 2018
|
||||
►
Sign in to add a comment |
||||
Comment 1 by lgrey@chromium.org
, May 24 2017