-
Notifications
You must be signed in to change notification settings - Fork 39
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Handle unicode characters in filters #707
base: develop
Are you sure you want to change the base?
Conversation
- Updated ANTLR4 grammar to support unicode chars - Added test - Removed logic that escapes/unescapes JSON values, should is handled by at the JSON parser (jackson) Fixes: #564
View details about the 'Apache Rat - Check' build 151 in the Build Scan 📊 |
View details about the 'Maven Verify (with Java 21-zulu)' build 1419 in the Build Scan 📊 |
View details about the 'Maven Verify (with Java 17-zulu)' build 1419 in the Build Scan 📊 |
@joshuapsteele, took a little longer to track the issue down, but when you get a chance can you take a look at this. @chrisharm if you are still watching can you take a look at this too? I'm guessing this logic was here for a reason and I'm guessing I shouldn't be ripping it out... Do you have ideas for test cases for the original escape logic? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changes look good to me. Would just like to clarify where escapeJson()
is now being used in the relevant flows here.
// TODO change this to escapeJson() when dependencies get upgraded | ||
String escaped = StringEscapeUtils.escapeEcmaScript((String) this.compareValue) | ||
// StringEscapeUtils follows the outdated JSON spec requiring "/" to be escaped, this could subtly break things | ||
.replaceAll("\\\\/", "/") | ||
// We don't want single-quotes escaped, this will be unnecessary with escapeJson() | ||
.replaceAll("\\\\'", "'"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry, just now giving this a quick look, @bdemers. Can we note for posterity, even if just in this PR convo, where escapeJson()
is now being used?
String doubleEscaped = jsonValue.substring(1, jsonValue.length() - 1) | ||
// StringEscapeUtils follows the outdated JSON spec requiring "/" to be escaped, this could subtly break things | ||
.replaceAll("\\\\/", "\\\\\\\\/") | ||
// Just in case someone needs a single-quote with a backslash in front of it, this will be unnecessary with escapeJson() | ||
.replaceAll("\\\\'", "\\\\\\\\'"); | ||
|
||
// TODO change this to escapeJson() when dependencies get upgraded | ||
return StringEscapeUtils.unescapeEcmaScript(doubleEscaped); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@bdemers Can we note for posterity, even if just in this PR convo, where escapeJson()
is now being used?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was hoping @chrisharm would chime in 🤞
My take is that the escape would happen at a different level:
- filters passed in as a query param would be URL escaped
- Patch paths, would be JSON escaped automatically by Jackson.
Unless I'm missing something i think it would always be problematic to handle escaping outside of the context where it's used.
Fixes: #564