author | Lukas Reschke <lukas@owncloud.com> | 2015-09-03 00:44:46 +0200 |
---|---|---|
committer | Lukas Reschke <lukas@owncloud.com> | 2015-09-03 00:44:46 +0200 |
commit | f9e90e92d4f97a3f00bf598800f829ea6d7f068d (patch) | |
tree | 057c18a7e7a61fe8a4bf54c7bea4b9c8599a6db0 /tests/lib/appframework | |
parent | e2cc778947affa78278dcd50f42844ef1a9dc0d3 (diff) | |
download | nextcloud-server-f9e90e92d4f97a3f00bf598800f829ea6d7f068d.tar.gz nextcloud-server-f9e90e92d4f97a3f00bf598800f829ea6d7f068d.zip |
Encode HTML tags in JSON
While not encoding the HTML tags in the JSON response is perfectly fine, since we set the proper mimetype as well as disable content sniffing, a lot of automated code scanners do report this as a security bug. Encoding them leads to fewer discussions and a lot of saved time.
Diffstat (limited to 'tests/lib/appframework')
-rw-r--r-- | tests/lib/appframework/http/JSONResponseTest.php | 26 |
1 files changed, 20 insertions, 6 deletions
diff --git a/tests/lib/appframework/http/JSONResponseTest.php b/tests/lib/appframework/http/JSONResponseTest.php
index 692237f57b2..253c523934b 100644
--- a/tests/lib/appframework/http/JSONResponseTest.php
+++ b/tests/lib/appframework/http/JSONResponseTest.php
@@ -66,13 +66,27 @@ class JSONResponseTest extends \Test\TestCase {
 $this->assertEquals($expected, $this->json->render());
 }
+ /**
+ * @return array
+ */
+ public function testRenderProvider() {
+ return [
+ [
+ ['test' => 'hi'], '{"test":"hi"}',
+ ],
+ [
+ ['<h1>test' => '<h1>hi'], '{"\u003Ch1\u003Etest":"\u003Ch1\u003Ehi"}',
+ ],
+ ];
+ }
- public function testRender() {
- $params = array('test' => 'hi');
- $this->json->setData($params);
-
- $expected = '{"test":"hi"}';
-
+ /**
+ * @dataProvider testRenderProvider
+ * @param array $input
+ * @param string $expected
+ */
+ public function testRender(array $input, $expected) {
+ $this->json->setData($input);
 $this->assertEquals($expected, $this->json->render());
 } |
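Review bot: The new data provider is named `testRenderProvider`, so PHPUnit will also pick it up as a test method in its own right (its name starts with `test`) and run it as an assertion-less test; renaming it to `renderProvider` and pointing `@dataProvider renderProvider` at it avoids the spurious extra test. The `$expected` parameter of `testRender(array $input, $expected)` could carry the `string` type that its docblock already declares. Since the `<h1>` dataset pins the exact `\u003C`/`\u003E` escaping, it is also worth asserting in `testRender` that the encoded output still decodes back to the input, e.g. `$this->assertSame($input, json_decode($this->json->render(), true));`, so a later change to the encoding flags that breaks clients is caught rather than only a change in string form. The enclosing class `JSONResponseTest` starts and ends outside the hunk.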