SONAR-14642 - SSF-142

2 files changed, 10 insertions, 1 deletions

diff --git a/sonar-plugin-api/src/main/java/org/sonar/api/utils/text/JsonWriter.java b/sonar-plugin-api/src/main/java/org/sonar/api/utils/text/JsonWriter.java
index 132978badd3..569045ff18f 100644
--- a/sonar-plugin-api/src/main/java/org/sonar/api/utils/text/JsonWriter.java
+++ b/sonar-plugin-api/src/main/java/org/sonar/api/utils/text/JsonWriter.java
@@ -74,6 +74,7 @@ public class JsonWriter implements AutoCloseable {
     this.stream = new com.google.gson.stream.JsonWriter(writer);
     this.stream.setSerializeNulls(false);
     this.stream.setLenient(false);
+    this.stream.setHtmlSafe(true);
     this.serializeEmptyStrings = true;
   }
 
diff --git a/sonar-plugin-api/src/test/java/org/sonar/api/utils/text/JsonWriterTest.java b/sonar-plugin-api/src/test/java/org/sonar/api/utils/text/JsonWriterTest.java
index ad523fb74f9..9ae97fcfa35 100644
--- a/sonar-plugin-api/src/test/java/org/sonar/api/utils/text/JsonWriterTest.java
+++ b/sonar-plugin-api/src/test/java/org/sonar/api/utils/text/JsonWriterTest.java
@@ -152,7 +152,15 @@ public class JsonWriterTest {
     underTest.beginObject()
       .prop("foo", "<hello \"world\">")
       .endObject().close();
-    expect("{\"foo\":\"<hello \\\"world\\\">\"}");
+    expect("{\"foo\":\"\\u003chello \\\"world\\\"\\u003e\"}");
+  }
+
+  @Test
+  public void escape_html_characters() {
+    underTest.beginObject()
+            .prop("foo", "123<>abc")
+            .endObject().close();
+    expect("{\"foo\":\"123\\u003c\\u003eabc\"}");
   }
 
   @Test