chore: Correctly flag json encoding methods as escaping html and quotes

Especially with JSON_HEX_TAG it’s perfectly fine to echo JSON, and we only use it in JSON output anyway. Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
author: Côme Chilliet <come.chilliet@nextcloud.com> 2025-02-17 11:16:27 +0100
committer: Côme Chilliet <come.chilliet@nextcloud.com> 2025-02-17 15:24:07 +0100
commit: fec865cc29ee0bc54dbd29c07e8cbe3d477bfca2 (patch)
tree: a2b54ebb48aa4acf74fcd50e3f28c6c661dfea91 /lib/public/AppFramework/Http/JSONResponse.php
parent: 579a337750c85bab1f1e6d798c10cbb012f3f819 (diff)
download: nextcloud-server-fec865cc29ee0bc54dbd29c07e8cbe3d477bfca2.tar.gz
nextcloud-server-fec865cc29ee0bc54dbd29c07e8cbe3d477bfca2.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/public/AppFramework/Http/JSONResponse.php b/lib/public/AppFramework/Http/JSONResponse.php
index efcf79d5e87..a226e29a1b5 100644
--- a/lib/public/AppFramework/Http/JSONResponse.php
+++ b/lib/public/AppFramework/Http/JSONResponse.php
@@ -58,6 +58,9 @@ class JSONResponse extends Response {
 	 * @return string the rendered json
 	 * @since 6.0.0
 	 * @throws \Exception If data could not get encoded
+	 *
+	 * @psalm-taint-escape has_quotes
+	 * @psalm-taint-escape html
 	 */
 	public function render() {
 		return json_encode($this->data, JSON_HEX_TAG | JSON_THROW_ON_ERROR | $this->encodeFlags, 2048);
author	Côme Chilliet <come.chilliet@nextcloud.com>	2025-02-17 11:16:27 +0100
committer	Côme Chilliet <come.chilliet@nextcloud.com>	2025-02-17 15:24:07 +0100
commit	fec865cc29ee0bc54dbd29c07e8cbe3d477bfca2 (patch)
tree	a2b54ebb48aa4acf74fcd50e3f28c6c661dfea91 /lib/public/AppFramework/Http/JSONResponse.php
parent	579a337750c85bab1f1e6d798c10cbb012f3f819 (diff)
download	nextcloud-server-fec865cc29ee0bc54dbd29c07e8cbe3d477bfca2.tar.gz nextcloud-server-fec865cc29ee0bc54dbd29c07e8cbe3d477bfca2.zip