SONAR-14642 - SSF-142
authorZipeng WU <zipeng.wu@sonarsource.com>
Mon, 29 Mar 2021 13:50:52 +0000 (15:50 +0200)
committersonartech <sonartech@sonarsource.com>
Wed, 31 Mar 2021 20:03:47 +0000 (20:03 +0000)
server/sonar-webserver-ws/src/test/java/org/sonar/server/ws/WebServiceEngineTest.java
sonar-plugin-api/src/main/java/org/sonar/api/utils/text/JsonWriter.java
sonar-plugin-api/src/test/java/org/sonar/api/utils/text/JsonWriterTest.java

index fad9268dae59848665a4071c4e65db1eebf21a27..7b86c69e5e7a38e6b4e8b52a9c42a2aafe9ca581 100644 (file)
@@ -208,7 +208,7 @@ public class WebServiceEngineTest {
 
     DumbResponse response = run(request, newWs("api/foo", a -> a.setHandler((req, resp) -> request.param("unknown"))));
 
-    assertThat(response.stream().outputAsString()).isEqualTo("{\"errors\":[{\"msg\":\"BUG - parameter 'unknown' is undefined for action 'foo'\"}]}");
+    assertThat(response.stream().outputAsString()).isEqualTo("{\"errors\":[{\"msg\":\"BUG - parameter \\u0027unknown\\u0027 is undefined for action \\u0027foo\\u0027\"}]}");
     assertThat(response.stream().status()).isEqualTo(400);
   }
 
@@ -221,7 +221,7 @@ public class WebServiceEngineTest {
       a.setHandler((req, resp) -> request.mandatoryParam("bar"));
     }));
 
-    assertThat(response.stream().outputAsString()).isEqualTo("{\"errors\":[{\"msg\":\"The 'bar' parameter is missing\"}]}");
+    assertThat(response.stream().outputAsString()).isEqualTo("{\"errors\":[{\"msg\":\"The \\u0027bar\\u0027 parameter is missing\"}]}");
     assertThat(response.stream().status()).isEqualTo(400);
   }
 
@@ -235,7 +235,7 @@ public class WebServiceEngineTest {
       a.setHandler((req, resp) -> request.param("bar"));
     }));
 
-    assertThat(response.stream().outputAsString()).isEqualTo("{\"errors\":[{\"msg\":\"The 'bar' parameter is missing\"}]}");
+    assertThat(response.stream().outputAsString()).isEqualTo("{\"errors\":[{\"msg\":\"The \\u0027bar\\u0027 parameter is missing\"}]}");
     assertThat(response.stream().status()).isEqualTo(400);
   }
 
@@ -287,7 +287,7 @@ public class WebServiceEngineTest {
       a.setHandler((req, resp) -> resp.stream().output().write(req.mandatoryParam("format").getBytes(UTF_8)));
     }));
 
-    assertThat(response.stream().outputAsString()).isEqualTo("{\"errors\":[{\"msg\":\"Value of parameter 'format' (yml) must be one of: [json, xml]\"}]}");
+    assertThat(response.stream().outputAsString()).isEqualTo("{\"errors\":[{\"msg\":\"Value of parameter \\u0027format\\u0027 (yml) must be one of: [json, xml]\"}]}");
     assertThat(response.stream().status()).isEqualTo(400);
   }
 
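Review bot: None of the updated assertions in this file sends a parameter value containing `<`, `>` or `&`, even though the message in this hunk echoes the request-supplied value (`yml`) back into the error body. That echoed value is the part of the response that comes from the request, so it is the case most worth pinning at the web-service level; the apostrophes covered here come from the server's own message templates. Consider a sibling test that passes a value such as `<b>` for `format` and asserts that the body contains `\\u003cb\\u003e` and no raw `<`. The test method begins above this hunk, so its request setup is not visible here.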
index 132978badd3808a8719037d64a60583c10230417..569045ff18f2d2987ad574af29abdbbd164cac1d 100644 (file)
@@ -74,6 +74,7 @@ public class JsonWriter implements AutoCloseable {
     this.stream = new com.google.gson.stream.JsonWriter(writer);
     this.stream.setSerializeNulls(false);
     this.stream.setLenient(false);
+    this.stream.setHtmlSafe(true);
     this.serializeEmptyStrings = true;
   }
 
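Review bot: The added `setHtmlSafe(true)` has no comment explaining why it is set, and it changes the serialized bytes for every caller of this writer. A line such as `// HTML-safe mode: <, >, &, = and ' are written as Unicode escapes so the payload stays inert if it is ever rendered or sniffed as HTML` would stop the call being removed later as a no-op. Avoid writing a literal backslash-u sequence in that comment, because javac processes Unicode escapes inside comments too. The class appears to be part of the public plugin API, judging by its path, so plugins or tests that compare raw output strings will see different text even though JSON parsers decode it identically; that deserves a changelog entry. The escaping complements the `Content-Type` and `X-Content-Type-Options` response headers, which this diff does not show, rather than replacing them. The constructor begins above this hunk.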
index ad523fb74f97d2f59682454e6e665c380b46f9f9..9ae97fcfa35c34261fb540b9eb1dd4dce680ff80 100644 (file)
@@ -152,7 +152,15 @@ public class JsonWriterTest {
     underTest.beginObject()
       .prop("foo", "<hello \"world\">")
       .endObject().close();
-    expect("{\"foo\":\"<hello \\\"world\\\">\"}");
+    expect("{\"foo\":\"\\u003chello \\\"world\\\"\\u003e\"}");
+  }
+
+  @Test
+  public void escape_html_characters() {
+    underTest.beginObject()
+            .prop("foo", "123<>abc")
+            .endObject().close();
+    expect("{\"foo\":\"123\\u003c\\u003eabc\"}");
   }
 
   @Test
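Review bot: `escape_html_characters` covers only `<` and `>`, but Gson's HTML-safe mode also escapes `&`, `=` and `'`, and nothing in this test class pins those three. Extending the input to `.prop("foo", "123<>abc&='")`, with the expected string gaining `\\u0026\\u003d\\u0027`, would make the test fail if a future Gson upgrade or a custom writer drops any of the five replacements. On style, the new chained calls are indented deeper than the chain in the test directly above; matching that indentation keeps the file consistent.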