SONAR-14642 - SSF-142

author Zipeng WU <zipeng.wu@sonarsource.com>

Mon, 29 Mar 2021 13:50:52 +0000 (15:50 +0200)

committer sonartech <sonartech@sonarsource.com>

Wed, 31 Mar 2021 20:03:47 +0000 (20:03 +0000)
author Zipeng WU <zipeng.wu@sonarsource.com>
Mon, 29 Mar 2021 13:50:52 +0000 (15:50 +0200)
committer sonartech <sonartech@sonarsource.com>
Wed, 31 Mar 2021 20:03:47 +0000 (20:03 +0000)
diff --git a/server/sonar-webserver-ws/src/test/java/org/sonar/server/ws/WebServiceEngineTest.java b/server/sonar-webserver-ws/src/test/java/org/sonar/server/ws/WebServiceEngineTest.java

index fad9268dae59848665a4071c4e65db1eebf21a27..7b86c69e5e7a38e6b4e8b52a9c42a2aafe9ca581 100644 (file)
--- a/server/sonar-webserver-ws/src/test/java/org/sonar/server/ws/WebServiceEngineTest.java
+++ b/server/sonar-webserver-ws/src/test/java/org/sonar/server/ws/WebServiceEngineTest.java
@@ -208,7 +208,7 @@ public class WebServiceEngineTest {
  
      DumbResponse response = run(request, newWs("api/foo", a -> a.setHandler((req, resp) -> request.param("unknown"))));
  
-    assertThat(response.stream().outputAsString()).isEqualTo("{\"errors\":[{\"msg\":\"BUG - parameter 'unknown' is undefined for action 'foo'\"}]}");
+    assertThat(response.stream().outputAsString()).isEqualTo("{\"errors\":[{\"msg\":\"BUG - parameter \\u0027unknown\\u0027 is undefined for action \\u0027foo\\u0027\"}]}");
      assertThat(response.stream().status()).isEqualTo(400);
    }
  
@@ -221,7 +221,7 @@ public class WebServiceEngineTest {
        a.setHandler((req, resp) -> request.mandatoryParam("bar"));
      }));
  
-    assertThat(response.stream().outputAsString()).isEqualTo("{\"errors\":[{\"msg\":\"The 'bar' parameter is missing\"}]}");
+    assertThat(response.stream().outputAsString()).isEqualTo("{\"errors\":[{\"msg\":\"The \\u0027bar\\u0027 parameter is missing\"}]}");
      assertThat(response.stream().status()).isEqualTo(400);
    }
  
@@ -235,7 +235,7 @@ public class WebServiceEngineTest {
        a.setHandler((req, resp) -> request.param("bar"));
      }));
  
-    assertThat(response.stream().outputAsString()).isEqualTo("{\"errors\":[{\"msg\":\"The 'bar' parameter is missing\"}]}");
+    assertThat(response.stream().outputAsString()).isEqualTo("{\"errors\":[{\"msg\":\"The \\u0027bar\\u0027 parameter is missing\"}]}");
      assertThat(response.stream().status()).isEqualTo(400);
    }
  
@@ -287,7 +287,7 @@ public class WebServiceEngineTest {
        a.setHandler((req, resp) -> resp.stream().output().write(req.mandatoryParam("format").getBytes(UTF_8)));
      }));
  
-    assertThat(response.stream().outputAsString()).isEqualTo("{\"errors\":[{\"msg\":\"Value of parameter 'format' (yml) must be one of: [json, xml]\"}]}");
+    assertThat(response.stream().outputAsString()).isEqualTo("{\"errors\":[{\"msg\":\"Value of parameter \\u0027format\\u0027 (yml) must be one of: [json, xml]\"}]}");
      assertThat(response.stream().status()).isEqualTo(400);
    }
  
diff --git a/sonar-plugin-api/src/main/java/org/sonar/api/utils/text/JsonWriter.java b/sonar-plugin-api/src/main/java/org/sonar/api/utils/text/JsonWriter.java

index 132978badd3808a8719037d64a60583c10230417..569045ff18f2d2987ad574af29abdbbd164cac1d 100644 (file)
--- a/sonar-plugin-api/src/main/java/org/sonar/api/utils/text/JsonWriter.java
+++ b/sonar-plugin-api/src/main/java/org/sonar/api/utils/text/JsonWriter.java
@@ -74,6 +74,7 @@ public class JsonWriter implements AutoCloseable {
      this.stream = new com.google.gson.stream.JsonWriter(writer);
      this.stream.setSerializeNulls(false);
      this.stream.setLenient(false);
+    this.stream.setHtmlSafe(true);
      this.serializeEmptyStrings = true;
    }
  
diff --git a/sonar-plugin-api/src/test/java/org/sonar/api/utils/text/JsonWriterTest.java b/sonar-plugin-api/src/test/java/org/sonar/api/utils/text/JsonWriterTest.java

index ad523fb74f97d2f59682454e6e665c380b46f9f9..9ae97fcfa35c34261fb540b9eb1dd4dce680ff80 100644 (file)
--- a/sonar-plugin-api/src/test/java/org/sonar/api/utils/text/JsonWriterTest.java
+++ b/sonar-plugin-api/src/test/java/org/sonar/api/utils/text/JsonWriterTest.java
@@ -152,7 +152,15 @@ public class JsonWriterTest {
      underTest.beginObject()
        .prop("foo", "<hello \"world\">")
        .endObject().close();
-    expect("{\"foo\":\"<hello \\\"world\\\">\"}");
+    expect("{\"foo\":\"\\u003chello \\\"world\\\"\\u003e\"}");
+  }
+
+  @Test
+  public void escape_html_characters() {
+    underTest.beginObject()
+            .prop("foo", "123<>abc")
+            .endObject().close();
+    expect("{\"foo\":\"123\\u003c\\u003eabc\"}");
    }
  
    @Test
author	Zipeng WU <zipeng.wu@sonarsource.com>
	Mon, 29 Mar 2021 13:50:52 +0000 (15:50 +0200)
committer	sonartech <sonartech@sonarsource.com>
	Wed, 31 Mar 2021 20:03:47 +0000 (20:03 +0000)
server/sonar-webserver-ws/src/test/java/org/sonar/server/ws/WebServiceEngineTest.java		patch \| blob \| history
sonar-plugin-api/src/main/java/org/sonar/api/utils/text/JsonWriter.java		patch \| blob \| history
sonar-plugin-api/src/test/java/org/sonar/api/utils/text/JsonWriterTest.java		patch \| blob \| history