From b26fc33ebb5525e812b5bebd23a0e4ab253f2180 Mon Sep 17 00:00:00 2001
From: Zipeng WU
Date: Mon, 29 Mar 2021 15:50:52 +0200
Subject: [PATCH] SONAR-14642 - SSF-142
---
 .../java/org/sonar/server/ws/WebServiceEngineTest.java | 8 ++++----
 .../main/java/org/sonar/api/utils/text/JsonWriter.java | 1 +
 .../java/org/sonar/api/utils/text/JsonWriterTest.java | 10 +++++++++-
 3 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/server/sonar-webserver-ws/src/test/java/org/sonar/server/ws/WebServiceEngineTest.java b/server/sonar-webserver-ws/src/test/java/org/sonar/server/ws/WebServiceEngineTest.java
index fad9268dae5..7b86c69e5e7 100644
--- a/server/sonar-webserver-ws/src/test/java/org/sonar/server/ws/WebServiceEngineTest.java
+++ b/server/sonar-webserver-ws/src/test/java/org/sonar/server/ws/WebServiceEngineTest.java
@@ -208,7 +208,7 @@ public class WebServiceEngineTest {
 DumbResponse response = run(request, newWs("api/foo", a -> a.setHandler((req, resp) -> request.param("unknown"))));
- assertThat(response.stream().outputAsString()).isEqualTo("{\"errors\":[{\"msg\":\"BUG - parameter 'unknown' is undefined for action 'foo'\"}]}");
+ assertThat(response.stream().outputAsString()).isEqualTo("{\"errors\":[{\"msg\":\"BUG - parameter \\u0027unknown\\u0027 is undefined for action \\u0027foo\\u0027\"}]}");
 assertThat(response.stream().status()).isEqualTo(400);
 }
@@ -221,7 +221,7 @@ public class WebServiceEngineTest {
 a.setHandler((req, resp) -> request.mandatoryParam("bar"));
 }));
- assertThat(response.stream().outputAsString()).isEqualTo("{\"errors\":[{\"msg\":\"The 'bar' parameter is missing\"}]}");
+ assertThat(response.stream().outputAsString()).isEqualTo("{\"errors\":[{\"msg\":\"The \\u0027bar\\u0027 parameter is missing\"}]}");
 assertThat(response.stream().status()).isEqualTo(400);
 }
@@ -235,7 +235,7 @@ public class WebServiceEngineTest {
 a.setHandler((req, resp) -> request.param("bar"));
 }));
- assertThat(response.stream().outputAsString()).isEqualTo("{\"errors\":[{\"msg\":\"The 'bar' parameter is missing\"}]}");
+ assertThat(response.stream().outputAsString()).isEqualTo("{\"errors\":[{\"msg\":\"The \\u0027bar\\u0027 parameter is missing\"}]}");
 assertThat(response.stream().status()).isEqualTo(400);
 }
@@ -287,7 +287,7 @@ public class WebServiceEngineTest {
 a.setHandler((req, resp) -> resp.stream().output().write(req.mandatoryParam("format").getBytes(UTF_8)));
 }));
- assertThat(response.stream().outputAsString()).isEqualTo("{\"errors\":[{\"msg\":\"Value of parameter 'format' (yml) must be one of: [json, xml]\"}]}");
+ assertThat(response.stream().outputAsString()).isEqualTo("{\"errors\":[{\"msg\":\"Value of parameter \\u0027format\\u0027 (yml) must be one of: [json, xml]\"}]}");
 assertThat(response.stream().status()).isEqualTo(400);
 }
diff --git a/sonar-plugin-api/src/main/java/org/sonar/api/utils/text/JsonWriter.java b/sonar-plugin-api/src/main/java/org/sonar/api/utils/text/JsonWriter.java
index 132978badd3..569045ff18f 100644
--- a/sonar-plugin-api/src/main/java/org/sonar/api/utils/text/JsonWriter.java
+++ b/sonar-plugin-api/src/main/java/org/sonar/api/utils/text/JsonWriter.java
@@ -74,6 +74,7 @@ public class JsonWriter implements AutoCloseable {
 this.stream = new com.google.gson.stream.JsonWriter(writer);
 this.stream.setSerializeNulls(false);
 this.stream.setLenient(false);
+ this.stream.setHtmlSafe(true);
 this.serializeEmptyStrings = true;
 }
diff --git a/sonar-plugin-api/src/test/java/org/sonar/api/utils/text/JsonWriterTest.java b/sonar-plugin-api/src/test/java/org/sonar/api/utils/text/JsonWriterTest.java
index ad523fb74f9..9ae97fcfa35 100644
--- a/sonar-plugin-api/src/test/java/org/sonar/api/utils/text/JsonWriterTest.java
+++ b/sonar-plugin-api/src/test/java/org/sonar/api/utils/text/JsonWriterTest.java
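Review bot: `this.stream.setHtmlSafe(true)` changes the wire format of a public plugin-API class, and the constructor carries no comment saying why. Every `<`, `>`, `&`, `=` and `'` in a string value is now emitted as a `\u00XX` escape, which is what the updated assertions in WebServiceEngineTest and JsonWriterTest show; a line such as `// Escape <, >, &, = and ' as \uXXXX so a JSON body cannot open or close an HTML tag or attribute if it is ever rendered in an HTML context.` above the call would record the intent. The output stays valid JSON, so conforming parsers are unaffected, but any consumer that string-matches raw payloads (as the four test hunks did) will break, so the change also deserves a sentence in the class Javadoc and the release notes. This is a defence-in-depth measure and does not replace serving responses with the correct `Content-Type`. The constructor continues outside the hunk, and any other construction path is not visible here.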
@@ -152,7 +152,15 @@ public class JsonWriterTest {
 underTest.beginObject()
 .prop("foo", "")
 .endObject().close();
- expect("{\"foo\":\"\"}");
+ expect("{\"foo\":\"\\u003chello \\\"world\\\"\\u003e\"}");
+ }
+
+ @Test
+ public void escape_html_characters() {
+ underTest.beginObject()
+ .prop("foo", "123<>abc")
+ .endObject().close();
+ expect("{\"foo\":\"123\\u003c\\u003eabc\"}");
 }
 @Test
-- 2.39.5
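Review bot: `escape_html_characters` only exercises `<` and `>`, while Gson's HTML-safe mode also escapes `&`, `=` and `'`; `'` is covered only indirectly by the WebServiceEngineTest assertions and `&`/`=` are asserted nowhere. Widening the input pins the full escape set the API now promises, e.g. `.prop("foo", "123<>&='abc")` with `expect("{\"foo\":\"123\\u003c\\u003e\\u0026\\u003d\\u0027abc\"}")`. The modified expectation above it encodes `<hello "world">` although its `.prop("foo", "")` context line reads as an empty string in this rendering, which looks like the angle-bracket literal was stripped when the patch was rendered rather than a real mismatch; worth checking against the repository before relying on this text. Both tests sit inside JsonWriterTest, whose body continues outside the hunk.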