Fixed #230, Fixed #227, and Fixed #93: html and unicode characters not escaped

jos 2015-12-21 14:39:15 +01:00
parent 547438664f
commit dc40abf143
3 changed files with 7 additions and 1 deletions


@ -6,6 +6,7 @@ https://github.com/josdejong/jsoneditor
## not yet released, version 4.2.2 ## not yet released, version 4.2.2
- Replaced the PNG icon images with SVG. Thanks @1j01. - Replaced the PNG icon images with SVG. Thanks @1j01.
- Fixed #230, #227, and #93: html and unicode characters not escaped.
- Fixed #149: Memory leak when switching mode from/to `code` mode, web worker - Fixed #149: Memory leak when switching mode from/to `code` mode, web worker
of Ace editor wasn't cleaned up. of Ace editor wasn't cleaned up.
- Fixed #234: Remove dependency on a fork of the `jsonlint` project on github. - Fixed #234: Remove dependency on a fork of the `jsonlint` project on github.


@ -2858,6 +2858,7 @@ Node.prototype._stringCast = function(str) {
*/ */
Node.prototype._escapeHTML = function (text) { Node.prototype._escapeHTML = function (text) {
var htmlEscaped = String(text) var htmlEscaped = String(text)
.replace(/&/g, '&') // must be replaced first!
.replace(/</g, '&lt;') .replace(/</g, '&lt;')
.replace(/>/g, '&gt;') .replace(/>/g, '&gt;')
.replace(/ /g, ' &nbsp;') // replace double space with an nbsp and space .replace(/ /g, ' &nbsp;') // replace double space with an nbsp and space
@ -2880,7 +2881,8 @@ Node.prototype._unescapeHTML = function (escapedText) {
return htmlEscaped return htmlEscaped
.replace(/&lt;/g, '<') .replace(/&lt;/g, '<')
.replace(/&gt;/g, '>') .replace(/&gt;/g, '>')
.replace(/&nbsp;|\u00A0/g, ' '); .replace(/&nbsp;|\u00A0/g, ' ')
.replace(/&amp;/g, '&'); // must be replaced last
}; };
/** /**
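Review bot: `_escapeHTML` now escapes `&`, `<` and `>` but still leaves `"` and `'` untouched, so its output is safe only as element content and not inside an attribute value; where the result is inserted is not visible in these hunks, so that is worth confirming. I would record the limit in the function's doc comment, e.g. `// output is safe for element content only; quotes are not escaped`. The added line is rendered on this page as `.replace(/&/g, '&')`, which would be a no-op; presumably the page decoded the entity and the source reads `'&amp;'`, matching the `&amp;` that `_unescapeHTML` reverses last. Both function bodies extend outside the hunks shown. The fixtures added to the test page (`'&quot;'`, `'&#174;'`) contain no `&amp;`, so a value such as `'&amp;lt;'` would be a useful extra check that escape followed by unescape returns the original string.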


@ -1,6 +1,7 @@
<!DOCTYPE HTML> <!DOCTYPE HTML>
<html> <html>
<head> <head>
<title>Test JSONEditor</title>
<!--<meta http-equiv="Content-Type" content="text/html;charset=utf-8">--> <!--<meta http-equiv="Content-Type" content="text/html;charset=utf-8">-->
<link href="../dist/jsoneditor.css" rel="stylesheet" type="text/css"> <link href="../dist/jsoneditor.css" rel="stylesheet" type="text/css">
@ -50,6 +51,8 @@
json = { json = {
"array": [1, 2, 3], "array": [1, 2, 3],
"boolean": true, "boolean": true,
"htmlcode": '&quot;',
"unicode": '&#174;',
"null": null, "null": null,
"number": 123, "number": 123,
"object": {"a": "b", "c": "d"}, "object": {"a": "b", "c": "d"},