Skip to content

Commit

Permalink
consistency between jackson/org.json.JSONObject/PageFlowUtil (#5117)
Browse files Browse the repository at this point in the history
  • Loading branch information
labkey-matthewb authored Jan 11, 2024
1 parent 8e7d8aa commit fb5fcfe
Show file tree
Hide file tree
Showing 9 changed files with 63 additions and 9 deletions.
2 changes: 2 additions & 0 deletions api/src/org/labkey/api/data/JsonTest.java
Original file line number Diff line number Diff line change
Expand Up @@ -101,12 +101,14 @@ public void jsonOrgViaJackson() throws IOException
obj.put("str", "hello");
obj.put("arr", new JSONArray(Arrays.asList("one", null, 3, new JSONObject(Collections.singletonMap("four", 4)))));
obj.put("nul", (Object)null);
obj.put("key", "</tricky\tvalue\\");
// obj.put("d", d); //TODO: new JSONObject serializes date-times as ISO

// Verify serializing org.json.JSONObject via Jackson is equivalent
String jacksonToString = mapper.writeValueAsString(obj);
String jsonOrgToString = obj.toString();
assertEquals(jsonOrgToString, jacksonToString);
assertTrue(jsonOrgToString.contains("<\\/"));

// Verify deserializing org.json.JSONObject via Jackson is equivalent
// NOTE: In both cases, the date value is deserialized as a string because JSON sucks
Expand Down
2 changes: 1 addition & 1 deletion api/src/org/labkey/api/notification/notificationpanel.jsp
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@
%>
<a id="<%=h(linkId)%>" href="#">
<i class="fa fa-inbox labkey-notification-inbox"></i>
<span id=<%=q(notificationCountId)%>>&nbsp;</span>
<span id="<%=h(notificationCountId)%>">&nbsp;</span>
</a>
</li>

Expand Down
40 changes: 38 additions & 2 deletions api/src/org/labkey/api/reports/report/r/RReport.java
Original file line number Diff line number Diff line change
Expand Up @@ -219,12 +219,48 @@ public static synchronized String getDefaultRPath()
return DEFAULT_APP_PATH;
}


public static String toR(String s)
{
String r = PageFlowUtil.jsString(s);
return "\"" + StringUtils.strip(r, "'") + "\"";
if (s == null)
return "\"\"";

StringBuilder r = new StringBuilder(s.length() + 10);
r.append("\"");
int len = s.length();
for (int i = 0 ; i<len ; i++)
{
char c = s.charAt(i);
switch (c)
{
case '\\':
r.append("\\\\");
break;
case '\n':
r.append("\\n");
break;
case '\r':
r.append("\\r");
break;
case '\'':
r.append("\\'");
break;
case '\"':
r.append("\\\"");
break;
case '\t':
r.append("\\t");
break;
default:
r.append(c);
break;
}
}
r.append("\"");
return r.toString();
}


// static for access by RserveScriptEngine with no backing report
public static void appendParamList(StringBuilder labkey, Map<String, Object> inputParameters)
{
Expand Down
3 changes: 3 additions & 0 deletions api/src/org/labkey/api/util/PageFlowUtil.java
Original file line number Diff line number Diff line change
Expand Up @@ -422,6 +422,9 @@ public static String jsString(String s)
case '\\':
js.append("\\\\");
break;
case '/':
js.append("\\/");
break;
case '\n':
js.append("\\n");
break;
Expand Down
13 changes: 13 additions & 0 deletions core/src/org/labkey/core/CoreModule.java
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@
*/
package org.labkey.core;

import com.fasterxml.jackson.core.io.CharTypes;
import com.google.common.collect.Sets;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
Expand Down Expand Up @@ -308,6 +309,18 @@ public class CoreModule extends SpringModule implements SearchService.DocumentPr

// Register dialect extra early, since we need to initialize the data sources before calling DefaultModule.initialize()
SqlDialectRegistry.register(new PostgreSqlDialectFactory());

try
{
var field = CharTypes.class.getDeclaredField("sOutputEscapes128");
field.setAccessible(true);
((int[])field.get(null))['/'] = '/';
field.setAccessible(false);
}
catch (NoSuchFieldException|IllegalArgumentException|IllegalAccessException x)
{
// pass
}
}

private CoreWarningProvider _warningProvider;
Expand Down
2 changes: 1 addition & 1 deletion core/src/org/labkey/core/user/securityAccess.jsp
Original file line number Diff line number Diff line change
Expand Up @@ -79,7 +79,7 @@
However, if this account were re-enabled, it would have the following permissions.</div>
<% } %>

<table id=<%=q(accessRegion.getDomId())%> lk-region-name=<%=q(accessRegion.getName())%> class="labkey-data-region-legacy labkey-show-borders">
<table id="<%=h(accessRegion.getDomId())%>" lk-region-name="<%=h(accessRegion.getName())%>" class="labkey-data-region-legacy labkey-show-borders">
<colgroup><col><col><col></colgroup>
<tr id="dataregion_column_header_row_access">
<th>&nbsp;</th>
Expand Down
2 changes: 1 addition & 1 deletion pipeline/src/org/labkey/pipeline/startPipelineImport.jsp
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,7 @@
<labkey:errors/>
<labkey:form id="<%=importFormId%>" action="<%=urlFor(StartFolderImportAction.class)%>" method="post">
<input type="hidden" name="fromZip" value=<%=bean.isFromZip()%>>
<input type="hidden" name="filePath" value=<%=q(bean.getFilePath())%>>
<input type="hidden" name="filePath" value="<%=h(bean.getFilePath())%>">
<div id="startPipelineImportForm"></div>
</labkey:form>

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@
%>

This webpart displays a list of survey instances created by the end user. Select which survey design this webpart should use:<br><br>
<div id=<%=q(divId)%>></div>
<div id="<%=h(divId)%>"></div>

<script type="text/javascript" nonce="<%=getScriptNonce()%>">
Ext4.onReady(function(){
Expand Down
6 changes: 3 additions & 3 deletions survey/src/org/labkey/survey/view/surveyWizard.jsp
Original file line number Diff line number Diff line change
Expand Up @@ -76,9 +76,9 @@
else
{
%>
<div id=<%=q(headerRenderId)%>></div>
<div id=<%=q(formRenderId)%>></div>
<div id=<%=q(footerRenderId)%>></div>
<div id="<%=h(headerRenderId)%>"></div>
<div id="<%=h(formRenderId)%>"></div>
<div id="<%=h(footerRenderId)%>"></div>
<script type="text/javascript" nonce="<%=getScriptNonce()%>">
Ext4.onReady(function(){
Expand Down

0 comments on commit fb5fcfe

Please sign in to comment.