From b49a51f553f74c46c4bc27028eacffe4e6346aec Mon Sep 17 00:00:00 2001 From: labkey-matthewb Date: Tue, 9 Jan 2024 10:35:12 -0800 Subject: [PATCH 1/4] JavaScriptFragment.asJson() replace Jsp.unsafe() with JavaScriptFragment.unsafe() in diff --git a/api/src/org/labkey/api/util/JavaScriptFragment.java b/api/src/org/labkey/api/util/JavaScriptFragment.java index da9a5413d1a..be411ac21a9 100644 --- a/api/src/org/labkey/api/util/JavaScriptFragment.java +++ b/api/src/org/labkey/api/util/JavaScriptFragment.java @@ -1,5 +1,7 @@ package org.labkey.api.util; +import com.fasterxml.jackson.core.JsonProcessingException; +import org.apache.commons.lang3.StringUtils; import org.jetbrains.annotations.NotNull; import org.jetbrains.annotations.Nullable; @@ -9,6 +11,7 @@ */ public class JavaScriptFragment implements SafeToRender { + public static final JavaScriptFragment EMPTY = new JavaScriptFragment(""); public static final JavaScriptFragment EMPTY_STRING = JavaScriptFragment.unsafe("''"); public static final JavaScriptFragment NULL = JavaScriptFragment.unsafe(" null "); public static final JavaScriptFragment TRUE = JavaScriptFragment.unsafe(" true "); @@ -25,9 +28,31 @@ public class JavaScriptFragment implements SafeToRender */ public static @NotNull JavaScriptFragment unsafe(@Nullable String s) { + if (null == s) + return EMPTY; + // even with unsafe() a javascript fragment can never contain the sequence "" + // since metrics) if (metrics.size() > 0) { String serializedMetrics; - ObjectMapper mapper = new ObjectMapper(); try { - serializedMetrics = mapper.writeValueAsString(metrics); + serializedMetrics = JsonUtil.DEFAULT_MAPPER.writeValueAsString(metrics); addParam(JSON_METRICS_KEY, serializedMetrics); } catch (JsonProcessingException e) diff --git a/api/src/org/labkey/api/util/UsageReportingLevel.java b/api/src/org/labkey/api/util/UsageReportingLevel.java index 574ec1f6682..b993968a509 100644 --- a/api/src/org/labkey/api/util/UsageReportingLevel.java 
+++ b/api/src/org/labkey/api/util/UsageReportingLevel.java @@ -334,7 +334,7 @@ public static Map getMetrics(UsageReportingLevel level) try { @SuppressWarnings({"unchecked"}) - Map metrics = new ObjectMapper().readValue(Objects.requireNonNull(getReportParams(level)).get("jsonMetrics"), Map.class); + Map metrics = JsonUtil.DEFAULT_MAPPER.readValue(Objects.requireNonNull(getReportParams(level)).get("jsonMetrics"), Map.class); return metrics; } catch (IOException e) diff --git a/assay/src/org/labkey/assay/plate/AssayPlateMetadataServiceImpl.java b/assay/src/org/labkey/assay/plate/AssayPlateMetadataServiceImpl.java index 7b118ec8156..998e06e812d 100644 --- a/assay/src/org/labkey/assay/plate/AssayPlateMetadataServiceImpl.java +++ b/assay/src/org/labkey/assay/plate/AssayPlateMetadataServiceImpl.java @@ -44,6 +44,7 @@ import org.labkey.api.query.QueryUpdateService; import org.labkey.api.query.ValidationException; import org.labkey.api.security.User; +import org.labkey.api.util.JsonUtil; import org.labkey.assay.TSVProtocolSchema; import org.labkey.assay.plate.model.Well; import org.labkey.assay.query.AssayDbSchema; @@ -412,11 +413,10 @@ public Map parsePlateMetadata(JSONObject json) throws Exp { try { - ObjectMapper mapper = new ObjectMapper(); if (json == null) throw new ExperimentException("No plate metadata was uploaded"); - return _parsePlateMetadata(mapper.readTree(json.toString())); + return _parsePlateMetadata(JsonUtil.DEFAULT_MAPPER.readTree(json.toString())); } catch (Exception e) { @@ -429,11 +429,10 @@ public Map parsePlateMetadata(File jsonData) throws Exper { try { - ObjectMapper mapper = new ObjectMapper(); if (jsonData == null) throw new ExperimentException("No plate metadata was uploaded"); - return _parsePlateMetadata(mapper.readTree(jsonData)); + return _parsePlateMetadata(JsonUtil.DEFAULT_MAPPER.readTree(jsonData)); } catch (Exception e) { 
diff --git a/core/src/org/labkey/core/admin/createFolder.jsp b/core/src/org/labkey/core/admin/createFolder.jsp index 15ad921d2c6..2b7465e023f 100644 --- a/core/src/org/labkey/core/admin/createFolder.jsp +++ b/core/src/org/labkey/core/admin/createFolder.jsp @@ -24,6 +24,7 @@ <%@ page import="org.labkey.core.admin.AdminController" %> <%@ page import="org.labkey.core.portal.CollaborationFolderType" %> <%@ page import="org.labkey.core.portal.ProjectController" %> +<%@ page import="org.labkey.api.util.JavaScriptFragment" %> <%@ page extends="org.labkey.api.jsp.JspBase" %> <%! @Override @@ -82,7 +83,7 @@ var moduleTypesMap = {}; var templateFolders = []; var selectedModules = <%=modulesOut%>; - var hasLoaded = <%=text(form.getHasLoaded()?"true":"false")%>; + var hasLoaded = <%=JavaScriptFragment.bool(form.getHasLoaded())%>; var defaultTab = <%=q(form.getDefaultModule())%>; var selectedTemplateFolder = <%=q(form.getTemplateSourceId())%>; var selectedTemplateWriters = <%=templateWriterTypes%>; diff --git a/core/src/org/labkey/core/admin/folderType.jsp b/core/src/org/labkey/core/admin/folderType.jsp index dd05419a36f..1833180dda1 100644 --- a/core/src/org/labkey/core/admin/folderType.jsp +++ b/core/src/org/labkey/core/admin/folderType.jsp @@ -347,7 +347,7 @@ for (Module module : allModules) LABKEY.requiresExt4Sandbox(function() { Ext4.onReady(function() { Ext4.create('Ext.button.Button', { - text: '<%=text(form.isWizard() ? "Next" : "Update Folder")%>', + text: <%=q(form.isWizard() ? "Next" : "Update Folder")%>, renderTo: 'UpdateFolderButtonDiv', handler: function() { if (!validate()) { @@ -380,7 +380,7 @@ for (Module module : allModules) url: LABKEY.ActionURL.buildURL('core', 'getContainerInfo.api'), method: 'POST', jsonData: { - containerPath: "<%=text(path)%>", + containerPath: <%=q(path)%>, newFolderType: newFolderType }, success: function (resp) { 
diff --git a/core/src/org/labkey/core/admin/moveFolder.jsp b/core/src/org/labkey/core/admin/moveFolder.jsp index 7a99219d907..f0b95ba2c65 100644 --- a/core/src/org/labkey/core/admin/moveFolder.jsp +++ b/core/src/org/labkey/core/admin/moveFolder.jsp @@ -26,6 +26,7 @@ <%@ page import="org.labkey.core.admin.AdminController.MoveFolderTreeView" %> <%@ page import="org.springframework.validation.Errors" %> <%@ page import="org.springframework.validation.ObjectError" %> +<%@ page import="org.labkey.api.util.JavaScriptFragment" %> <%@ page extends="org.labkey.api.jsp.JspBase" %> <%! @Override @@ -113,7 +114,7 @@ editable : true, expandable : true, text : <%=q(project.getParent().getName())%>, - <%=text(project.equals(c) ? "cls : 'x-tree-node-current'" : "")%> + <%=JavaScriptFragment.unsafe(project.equals(c) ? "cls : 'x-tree-node-current'" : "")%> }), rootVisible: false, enableDrag: false, diff --git a/core/src/org/labkey/core/view/configReportsAndScripts.jsp b/core/src/org/labkey/core/view/configReportsAndScripts.jsp index 2b32a6ebc0d..9730962dbe9 100644 --- a/core/src/org/labkey/core/view/configReportsAndScripts.jsp +++ b/core/src/org/labkey/core/view/configReportsAndScripts.jsp @@ -817,7 +817,7 @@ var record = { name: R_ENGINE_NAME, extensions: R_EXTENSIONS, - exeCommand: '<%=text(RReport.DEFAULT_R_CMD)%>', + exeCommand: <%=q(RReport.DEFAULT_R_CMD)%>, <% if (!StringUtils.isEmpty(RReport.getDefaultRPath())) { %> exePath: <%=q(RReport.getDefaultRPath())%>, <% } %> @@ -851,9 +851,9 @@ var record = { name: REMOTE_R_ENGINE_NAME, extensions: R_EXTENSIONS, - machine: '<%=text(RReport.DEFAULT_R_MACHINE)%>', + machine: <%=q(RReport.DEFAULT_R_MACHINE)%>, port:<%=RReport.DEFAULT_R_PORT%>, - exeCommand: '<%=text(RReport.DEFAULT_RSERVE_CMD)%>', + exeCommand: <%=q(RReport.DEFAULT_RSERVE_CMD)%>, outputFileName: <%= q(ExternalScriptEngine.SCRIPT_NAME_REPLACEMENT + ".Rout") %>, 'default': !defaultR, external: true, 
diff --git a/core/src/org/labkey/core/webdav/davListing.jsp b/core/src/org/labkey/core/webdav/davListing.jsp index 85c31bf3286..ca2733a7b1d 100644 --- a/core/src/org/labkey/core/webdav/davListing.jsp +++ b/core/src/org/labkey/core/webdav/davListing.jsp @@ -23,6 +23,7 @@ <%@ page import="org.labkey.core.webdav.DavController" %> <%@ page import="org.labkey.api.premium.PremiumService" %> <%@ page import="org.apache.commons.lang3.StringUtils" %> +<%@ page import="org.labkey.api.util.JavaScriptFragment" %> <%@ page extends="org.labkey.api.jsp.JspBase" %> <%! @Override @@ -102,7 +103,7 @@ actions: [ 'folderTreeToggle', 'parentFolder', 'refresh', 'createDirectory', 'download', 'deletePath', 'renamePath', 'movePath', 'upload', - '->', htmlViewAction, <%=unsafe(getUser().isGuest() ? "loginAction" : "logoutAction")%> + '->', htmlViewAction, <%=JavaScriptFragment.unsafe(getUser().isGuest() ? "loginAction" : "logoutAction")%> ], useServerActions: false }], diff --git a/experiment/src/org/labkey/experiment/ConfirmDelete.jsp b/experiment/src/org/labkey/experiment/ConfirmDelete.jsp index 39a951093b2..4f0aaa2b8e4 100644 --- a/experiment/src/org/labkey/experiment/ConfirmDelete.jsp +++ b/experiment/src/org/labkey/experiment/ConfirmDelete.jsp @@ -73,7 +73,7 @@ <% if (bean.getObjects().isEmpty()) { %>

There are no <%= h(numReferencedItems > 0 ? " additional " : "")%>selected objects to delete.

- <%= text(button("OK").href(successUrl).toString())%><% + <%= button("OK").href(successUrl) %><% } else { %> @@ -217,6 +217,6 @@ else { %> <%= button("Confirm Delete").submit(true).disableOnClick(true) %> <% } %> - <%= text(button("Cancel").href(cancelUrl).toString())%> + <%= button("Cancel").href(cancelUrl) %> <% } %> diff --git a/experiment/src/org/labkey/experiment/api/ExpDataClassImpl.java b/experiment/src/org/labkey/experiment/api/ExpDataClassImpl.java index b4f6e548a29..93416ab5ea4 100644 --- a/experiment/src/org/labkey/experiment/api/ExpDataClassImpl.java +++ b/experiment/src/org/labkey/experiment/api/ExpDataClassImpl.java @@ -51,6 +51,7 @@ import org.labkey.api.security.User; import org.labkey.api.security.permissions.DataClassReadPermission; import org.labkey.api.security.permissions.MediaReadPermission; +import org.labkey.api.util.JsonUtil; import org.labkey.api.util.PageFlowUtil; import org.labkey.api.util.Path; import org.labkey.api.util.UnexpectedException; @@ -321,6 +322,8 @@ public void delete(User user, @Nullable String auditUserComment) public TableInfo getTinfo() { Domain d = getDomain(); + if (null == d) + throw new NullPointerException("domain is null"); return StorageProvisioner.createTableInfo(d); } @@ -505,10 +508,9 @@ public void ensureMinGenId(long newSeqValue, Container c) throws ExperimentExcep try { - ObjectMapper mapper = new ObjectMapper(); TypeReference> typeRef = new TypeReference<>() {}; - return mapper.readValue(ds.getDataParentImportAliasMap(), typeRef); + return JsonUtil.DEFAULT_MAPPER.readValue(ds.getDataParentImportAliasMap(), typeRef); } catch (IOException e) { diff --git a/experiment/src/org/labkey/experiment/api/ExpSampleTypeImpl.java b/experiment/src/org/labkey/experiment/api/ExpSampleTypeImpl.java index 1af6c1dd16f..050b080d429 100644 --- a/experiment/src/org/labkey/experiment/api/ExpSampleTypeImpl.java +++ b/experiment/src/org/labkey/experiment/api/ExpSampleTypeImpl.java 
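Review bot: In `getTinfo()` the new guard throws a `NullPointerException` by hand, which reads like a programming error rather than the missing-domain state it actually reports. `Objects.requireNonNull(d, "domain is null");` expresses the same check in one line (the hunk does not show whether `java.util.Objects` is already imported in this file), or an `IllegalStateException` would tell the caller that the object is in an unusable state. A short comment on when `getDomain()` can return null here would help the next reader.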
@@ -64,6 +64,7 @@ import org.labkey.api.security.User; import org.labkey.api.security.permissions.MediaReadPermission; import org.labkey.api.study.StudyService; +import org.labkey.api.util.JsonUtil; import org.labkey.api.util.PageFlowUtil; import org.labkey.api.util.Path; import org.labkey.api.util.StringExpressionFactory; @@ -1005,10 +1006,9 @@ public String getDocumentId() try { - ObjectMapper mapper = new ObjectMapper(); TypeReference> typeRef = new TypeReference<>() {}; - return mapper.readValue(ms.getMaterialParentImportAliasMap(), typeRef); + return JsonUtil.DEFAULT_MAPPER.readValue(ms.getMaterialParentImportAliasMap(), typeRef); } catch (IOException e) { diff --git a/experiment/src/org/labkey/experiment/api/ImportAliasesDisplayColumnFactory.java b/experiment/src/org/labkey/experiment/api/ImportAliasesDisplayColumnFactory.java index 7cd9d2e4951..27c82a6b852 100644 --- a/experiment/src/org/labkey/experiment/api/ImportAliasesDisplayColumnFactory.java +++ b/experiment/src/org/labkey/experiment/api/ImportAliasesDisplayColumnFactory.java @@ -14,6 +14,7 @@ import org.labkey.api.exp.api.ExpSampleType; import org.labkey.api.exp.api.SampleTypeService; import org.labkey.api.util.HtmlString; +import org.labkey.api.util.JsonUtil; import org.labkey.api.util.PageFlowUtil; import java.io.IOException; @@ -107,12 +108,11 @@ public HtmlString getFormattedHtml(RenderContext ctx) if (null == value) return HtmlString.EMPTY_STRING; - ObjectMapper mapper = new ObjectMapper(); DefaultPrettyPrinter pp = new DefaultPrettyPrinter(); pp.indentArraysWith(new DefaultIndenter()); - Object json = mapper.readValue(value.toString(), Object.class); - String strValue = mapper.writer(pp).writeValueAsString(json); + Object json = JsonUtil.DEFAULT_MAPPER.readValue(value.toString(), Object.class); + String strValue = JsonUtil.DEFAULT_MAPPER.writer(pp).writeValueAsString(json); String filteredValue = PageFlowUtil.filter(strValue, true); return HtmlString.unsafe("
" + filteredValue + "
"); } diff --git a/experiment/src/org/labkey/experiment/controllers/property/PropertyController.java b/experiment/src/org/labkey/experiment/controllers/property/PropertyController.java index 8566fe475fd..9c5b3717153 100644 --- a/experiment/src/org/labkey/experiment/controllers/property/PropertyController.java +++ b/experiment/src/org/labkey/experiment/controllers/property/PropertyController.java @@ -90,6 +90,7 @@ import org.labkey.api.util.ExceptionUtil; import org.labkey.api.util.FileType; import org.labkey.api.util.FileUtil; +import org.labkey.api.util.JavaScriptFragment; import org.labkey.api.util.JsonUtil; import org.labkey.api.util.JunitUtil; import org.labkey.api.util.Pair; @@ -1550,7 +1551,7 @@ private static GWTDomain getDomain(String schemaName, String queryName, Integer private static Map convertDomainToApiResponse(@NotNull GWTDomain domain) { - ObjectMapper om = new ObjectMapper(); + ObjectMapper om = JsonUtil.createDefaultMapper(); _propertyService.configureObjectMapper(om, null); try { @@ -1562,13 +1563,13 @@ private static Map convertDomainToApiResponse(@NotNull GWTDomain } } - public static String convertDomainToJson(@NotNull GWTDomain domain) + public static JavaScriptFragment convertDomainToJson(@NotNull GWTDomain domain) { - ObjectMapper om = new ObjectMapper(); + ObjectMapper om = JsonUtil.createDefaultMapper(); _propertyService.configureObjectMapper(om, null); try { - return om.writeValueAsString(domain); + return JavaScriptFragment.unsafe(om.writeValueAsString(domain)); } catch (Exception e) { diff --git a/experiment/src/org/labkey/experiment/controllers/property/templateUpdate.jsp b/experiment/src/org/labkey/experiment/controllers/property/templateUpdate.jsp index f0a5f7c22b3..c4b2fce351f 100644 --- a/experiment/src/org/labkey/experiment/controllers/property/templateUpdate.jsp +++ b/experiment/src/org/labkey/experiment/controllers/property/templateUpdate.jsp 
@@ -18,6 +18,7 @@ <%@ page import="org.labkey.api.view.HttpView" %> <%@ page import="org.labkey.api.view.template.ClientDependencies" %> <%@ page import="org.labkey.experiment.controllers.property.PropertyController" %> +<%@ page import="org.labkey.api.util.JavaScriptFragment" %> <%@ page extends="org.labkey.api.jsp.JspBase" %> <%! @Override @@ -55,10 +56,10 @@ { var schemaName = <%= q(model.schemaName) %>; var queryName = <%= q(model.queryName) %>; - var domain = <%= text(PropertyController.convertDomainToJson(model.domain)) %>; + var domain = <%= PropertyController.convertDomainToJson(model.domain) %>; domain.schemaName = schemaName; domain.queryName = queryName; - var template = <%= text(null==model.template ? "null" : PropertyController.convertDomainToJson(model.template)) %>; + var template = <%= null==model.template ? JavaScriptFragment.NULL : PropertyController.convertDomainToJson(model.template) %>; <% if (null == model.info) { %> var templateInfo = null; <% } else { %> diff --git a/mothership/src/org/labkey/mothership/MothershipController.java b/mothership/src/org/labkey/mothership/MothershipController.java index 601fa860d61..c1ce0a2b3b5 100644 --- a/mothership/src/org/labkey/mothership/MothershipController.java +++ b/mothership/src/org/labkey/mothership/MothershipController.java @@ -73,6 +73,7 @@ import org.labkey.api.util.DateUtil; import org.labkey.api.util.GUID; import org.labkey.api.util.HtmlString; +import org.labkey.api.util.JsonUtil; import org.labkey.api.util.MothershipReport; import org.labkey.api.util.Pair; import org.labkey.api.util.URLHelper; 
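Review bot: The `var domain = <%= PropertyController.convertDomainToJson(model.domain) %>` and `var template = ...` lines now emit Jackson output that `convertDomainToJson` wraps with `JavaScriptFragment.unsafe()`. The safety of this inline script therefore rests on the mapper from `JsonUtil.createDefaultMapper()` never letting a domain field value produce a `</script` sequence or other markup-significant text. Neither that mapper's escaping settings nor the complete guard inside `unsafe()` is visible on this page. If the `JavaScriptFragment.asJson()` helper named in the commit subject covers this case, routing the serialized domain through it would make the intent explicit. Otherwise, once the escaping is confirmed, record it in a comment on `convertDomainToJson` saying why the serialized JSON is safe to embed in a script element.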
@@ -1211,8 +1212,7 @@ public Pair toSession(Container container) try { // Capture the Core module's info to put into mothership.SoftwareRelease - ObjectMapper mapper = new ObjectMapper(); - Map parsed = mapper.readValue(getJsonMetrics(), Map.class); + Map parsed = JsonUtil.DEFAULT_MAPPER.readValue(getJsonMetrics(), Map.class); Object modulesObject = parsed.get("modules"); if (modulesObject instanceof Map modulesMap) { diff --git a/mothership/src/org/labkey/mothership/MothershipManager.java b/mothership/src/org/labkey/mothership/MothershipManager.java index f6544c06c41..694253d5716 100644 --- a/mothership/src/org/labkey/mothership/MothershipManager.java +++ b/mothership/src/org/labkey/mothership/MothershipManager.java @@ -37,6 +37,7 @@ import org.labkey.api.security.User; import org.labkey.api.util.DateUtil; import org.labkey.api.util.GUID; +import org.labkey.api.util.JsonUtil; import org.labkey.api.util.MothershipReport; import org.labkey.api.util.ReentrantLockWithName; import org.labkey.api.util.logging.LogHelper; @@ -377,7 +378,7 @@ private String getBestJson(String currentValue, String newValue, String serverSe // Verify the newValue as valid json; if it is, return it. Otherwise, return null. try { - new ObjectMapper().readTree(newValue); + JsonUtil.DEFAULT_MAPPER.readTree(newValue); return newValue; } catch (IOException e) @@ -388,7 +389,7 @@ private String getBestJson(String currentValue, String newValue, String serverSe } // Rather than overwrite the current json map, merge the new with the current. - ObjectMapper mapper = new ObjectMapper(); + ObjectMapper mapper = JsonUtil.createDefaultMapper(); try { log.debug("Merging JSON. Old is " + currentValue.length() + " characters, new is " + newValue.length()); diff --git a/pipeline/src/org/labkey/pipeline/api/PipelineServiceImpl.java b/pipeline/src/org/labkey/pipeline/api/PipelineServiceImpl.java index 5aa9a84ed01..6f9bef4774c 100644 --- a/pipeline/src/org/labkey/pipeline/api/PipelineServiceImpl.java 
+++ b/pipeline/src/org/labkey/pipeline/api/PipelineServiceImpl.java @@ -67,6 +67,7 @@ import org.labkey.api.study.FolderArchiveSource; import org.labkey.api.trigger.TriggerConfiguration; import org.labkey.api.util.FileUtil; +import org.labkey.api.util.JsonUtil; import org.labkey.api.util.NetworkDrive; import org.labkey.api.util.TestContext; import org.labkey.api.util.logging.LogHelper; @@ -945,7 +946,7 @@ public String startFileAnalysis(AnalyzeForm form, @Nullable Map } ParamParser parser = PipelineJobService.get().createParamParser(); Map params = new HashMap<>(); - Map parsedMap = new ObjectMapper().readValue(form.getConfigureJson(), new TypeReference>(){}); + Map parsedMap = JsonUtil.DEFAULT_MAPPER.readValue(form.getConfigureJson(), new TypeReference>(){}); for (Map.Entry entry : parsedMap.entrySet()) { params.put(entry.getKey(), entry.getValue() == null ? null : entry.getValue().toString()); diff --git a/pipeline/src/org/labkey/pipeline/createPipelineTrigger.jsp b/pipeline/src/org/labkey/pipeline/createPipelineTrigger.jsp index 7e8fe1c068b..1c6c07cc625 100644 --- a/pipeline/src/org/labkey/pipeline/createPipelineTrigger.jsp +++ b/pipeline/src/org/labkey/pipeline/createPipelineTrigger.jsp @@ -30,6 +30,7 @@ <%@ page import="org.labkey.api.util.UniqueID" %> <%@ page import="org.labkey.api.pipeline.trigger.PipelineTriggerRegistry" %> <%@ page import="org.labkey.api.util.JsonUtil" %> +<%@ page import="org.labkey.api.util.JavaScriptFragment" %> <%@ page extends="org.labkey.api.jsp.JspBase" %> <%@ taglib prefix="labkey" uri="http://www.labkey.org/taglib" %> <%! @@ -92,10 +93,10 @@
diff --git a/survey/src/org/labkey/survey/SurveyManager.java b/survey/src/org/labkey/survey/SurveyManager.java index ee762fa1e26..ceb7ceaa4b3 100644 --- a/survey/src/org/labkey/survey/SurveyManager.java +++ b/survey/src/org/labkey/survey/SurveyManager.java @@ -707,8 +707,7 @@ public MultiValuedMap load(Stream reso */ public static String validateSurveyMetadata(String metadata) throws IOException { - ObjectMapper mapper = new ObjectMapper(); - mapper.readTree(metadata); + JsonUtil.DEFAULT_MAPPER.readTree(metadata); StringBuilder sb = new StringBuilder(); try diff --git a/visualization/src/org/labkey/visualization/VisualizationController.java b/visualization/src/org/labkey/visualization/VisualizationController.java index b89401041fc..0974b4fe1b5 100644 --- a/visualization/src/org/labkey/visualization/VisualizationController.java +++ b/visualization/src/org/labkey/visualization/VisualizationController.java @@ -91,6 +91,7 @@ import org.labkey.api.study.StudyService; import org.labkey.api.thumbnail.ThumbnailService; import org.labkey.api.thumbnail.ThumbnailService.ImageType; +import org.labkey.api.util.JsonUtil; import org.labkey.api.util.PageFlowUtil; import org.labkey.api.util.Pair; import org.labkey.api.util.ResponseHelper; @@ -1648,7 +1649,7 @@ public static class TestCase extends Assert @Test public void testJacksonBinding() throws Exception { - ObjectReader r = new ObjectMapper().reader(VisDataRequest.class) + ObjectReader r = JsonUtil.DEFAULT_MAPPER.reader(VisDataRequest.class) .without(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES); String measure1 = "{\"allowNullResults\":true, \"aggregate\":\"MAX\", \"alias\":\"table_column\", " + "\"inNotNullSet\":true, \"name\":\"column\", \"nsvalues\":\"whatisthis\"," + diff --git a/visualization/src/org/labkey/visualization/VisualizationServiceImpl.java b/visualization/src/org/labkey/visualization/VisualizationServiceImpl.java index 8e2c2408c69..66b0bc45616 100644 
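Review bot: `JsonUtil.DEFAULT_MAPPER.reader(VisDataRequest.class)` in `testJacksonBinding()` uses the `reader(Class)` overload that Jackson 2.x deprecates in favour of `readerFor(Class)`. The same expression appears twice more in `VisualizationServiceImpl` (`getDataGenerateSQL` and `getDataCDSGenerateSQL`). Because an `ObjectReader` is immutable, the service methods could share one constant such as `private static final ObjectReader VIS_REQUEST_READER = JsonUtil.DEFAULT_MAPPER.readerFor(VisDataRequest.class).without(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES);`. Deriving the reader with `.without(...)` leaves the shared mapper's own configuration untouched, which is worth a one-line comment now that the mapper is a process-wide singleton.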
--- a/visualization/src/org/labkey/visualization/VisualizationServiceImpl.java +++ b/visualization/src/org/labkey/visualization/VisualizationServiceImpl.java @@ -35,6 +35,7 @@ import org.labkey.api.query.UserSchema; import org.labkey.api.security.User; import org.labkey.api.study.DatasetTable; +import org.labkey.api.util.JsonUtil; import org.labkey.api.util.Pair; import org.labkey.api.view.ViewContext; import org.labkey.api.visualization.SQLGenerationException; @@ -63,8 +64,7 @@ public SQLResponse getDataGenerateSQL(Container c, User user, JSONObject json) t ViewContext context = new ViewContext(); context.setUser(user); context.setContainer(c); - - ObjectReader r = new ObjectMapper().reader(VisDataRequest.class).without(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES); + ObjectReader r = JsonUtil.DEFAULT_MAPPER.reader(VisDataRequest.class).without(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES); VisDataRequest vdr = r.readValue(json.toString()); vdr.setMetaDataOnly(true); @@ -85,7 +85,7 @@ public SQLResponse getDataCDSGenerateSQL(Container c, User user, JSONObject json context.setUser(user); context.setContainer(c); - ObjectReader r = new ObjectMapper().reader(VisDataRequest.class).without(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES); + ObjectReader r = JsonUtil.DEFAULT_MAPPER.reader(VisDataRequest.class).without(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES); VisDataRequest vdr = r.readValue(json.toString()); vdr.setMetaDataOnly(true); diff --git a/visualization/src/org/labkey/visualization/views/chartWizard.jsp b/visualization/src/org/labkey/visualization/views/chartWizard.jsp index 9a9a3ae5910..a7509b01601 100644 --- a/visualization/src/org/labkey/visualization/views/chartWizard.jsp +++ b/visualization/src/org/labkey/visualization/views/chartWizard.jsp 
@@ -125,7 +125,7 @@ canEdit: canEdit, canShare: <%=canShare%>, isDeveloper: <%=isDeveloper%>, - defaultNumberFormat: eval("<%=text(numberFormatFn)%>"), + defaultNumberFormat: eval(<%=q(numberFormatFn)%>), allowEditMode: <%=allowEditMode%>, editModeURL: editUrl, From 90f39de8c9b5a98a1c39a2be1110202af90bcc32 Mon Sep 17 00:00:00 2001 From: labkey-matthewb Date: Wed, 10 Jan 2024 09:53:26 -0800 Subject: [PATCH 2/4] use HtmlString for html --- api/src/org/labkey/api/util/SafeToRenderBuilder.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api/src/org/labkey/api/util/SafeToRenderBuilder.java b/api/src/org/labkey/api/util/SafeToRenderBuilder.java index 7554f0aa30a..8574790f438 100644 --- a/api/src/org/labkey/api/util/SafeToRenderBuilder.java +++ b/api/src/org/labkey/api/util/SafeToRenderBuilder.java @@ -32,7 +32,7 @@ public int length() public SafeToRender getSafeToRender() { - return JavaScriptFragment.unsafe(_sb.toString()); + return HtmlString.unsafe(_sb.toString()); } @Override From 1ef652623fa7748a5e2b95ce5f29e41933323556 Mon Sep 17 00:00:00 2001 From: labkey-matthewb Date: Tue, 16 Jan 2024 11:13:01 -0800 Subject: [PATCH 3/4] JavaScriptFragment.asString() --- api/src/org/labkey/api/jsp/JspBase.java | 6 +++--- api/src/org/labkey/api/util/JavaScriptFragment.java | 11 +++++++++++ 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/api/src/org/labkey/api/jsp/JspBase.java b/api/src/org/labkey/api/jsp/JspBase.java index 178d6541fd7..88ddfdd3e14 100644 --- a/api/src/org/labkey/api/jsp/JspBase.java +++ b/api/src/org/labkey/api/jsp/JspBase.java 
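Review bot: `defaultNumberFormat: eval(<%=q(numberFormatFn)%>)` still hands the server-supplied `numberFormatFn` string to `eval`. `q()` guarantees only a well-formed string literal, not that its content is safe to execute. Where `numberFormatFn` is built lies outside this hunk. If any part of it can be influenced by folder or user settings, it should be validated server-side or passed as data (a format string emitted with `q()` and applied by a fixed client-side function) rather than evaluated. At minimum, add a comment above this line stating where the string originates and why it is trusted.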
@@ -264,12 +264,12 @@ public JavaScriptFragment json(JSONObject jsonObject, int indentFactor) */ final protected JavaScriptFragment q(String str) { - return null == str ? JavaScriptFragment.NULL : JavaScriptFragment.unsafe(PageFlowUtil.jsString(str)); + return JavaScriptFragment.asString(str); } final protected JavaScriptFragment q(HtmlString hs) { - return null == hs ? JavaScriptFragment.NULL : JavaScriptFragment.unsafe(PageFlowUtil.jsString(hs.toString())); + return null == hs ? JavaScriptFragment.NULL : JavaScriptFragment.asString(hs.toString()); } /** @@ -284,7 +284,7 @@ final protected JavaScriptFragment q(@Nullable URLHelper url) final protected JavaScriptFragment q(SafeToRender str) { - return null == str ? JavaScriptFragment.NULL : JavaScriptFragment.unsafe(PageFlowUtil.jsString(str.toString())); + return null == str ? JavaScriptFragment.NULL : JavaScriptFragment.asString(str.toString()); } protected HtmlString hq(String str) diff --git a/api/src/org/labkey/api/util/JavaScriptFragment.java b/api/src/org/labkey/api/util/JavaScriptFragment.java index be411ac21a9..58d4f71cf79 100644 --- a/api/src/org/labkey/api/util/JavaScriptFragment.java +++ b/api/src/org/labkey/api/util/JavaScriptFragment.java @@ -36,6 +36,17 @@ public class JavaScriptFragment implements SafeToRender return new JavaScriptFragment(s); } + /** Create escaped javascript string literal */ + public static @NotNull JavaScriptFragment asString(String s) + { + if (null == s) + return JavaScriptFragment.NULL; + var js = PageFlowUtil.jsString(s); + assert !StringUtils.contains(s, " Date: Tue, 16 Jan 2024 14:19:27 -0800 Subject: [PATCH 4/4] typo --- api/src/org/labkey/api/util/JavaScriptFragment.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api/src/org/labkey/api/util/JavaScriptFragment.java b/api/src/org/labkey/api/util/JavaScriptFragment.java index 58d4f71cf79..2037f43455f 100644 --- a/api/src/org/labkey/api/util/JavaScriptFragment.java 
+++ b/api/src/org/labkey/api/util/JavaScriptFragment.java @@ -42,7 +42,7 @@ public class JavaScriptFragment implements SafeToRender if (null == s) return JavaScriptFragment.NULL; var js = PageFlowUtil.jsString(s); - assert !StringUtils.contains(s, "