diff options
| author | Luciano Iam <lucianito@gmail.com> | 2020-04-19 20:57:57 +0200 |
|---|---|---|
| committer | Robin Gareus <robin@gareus.org> | 2020-04-20 22:59:17 +0200 |
| commit | 3c423d92658bfa36612d3c335c7a67e7d208200f (patch) | |
| tree | 207e3e63fc5dcbf9468ac065ca49276a3db66933 /libs/surfaces | |
| parent | b7cdb63a95118186ba46b3ee08bc17a47388536f (diff) | |
WebSockets: json-escape user strings loaded from manifest.xml
Diffstat (limited to 'libs/surfaces')
| -rw-r--r-- | libs/surfaces/websockets/manifest.cc | 24 | ||||
| -rw-r--r-- | libs/surfaces/websockets/manifest.h | 1 |
2 files changed, 22 insertions, 3 deletions
diff --git a/libs/surfaces/websockets/manifest.cc b/libs/surfaces/websockets/manifest.cc index 92fa57e5b6..51e9954e5f 100644 --- a/libs/surfaces/websockets/manifest.cc +++ b/libs/surfaces/websockets/manifest.cc @@ -16,6 +16,7 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ +#include <iomanip> #include <iostream> #include <sstream> @@ -76,9 +77,9 @@ SurfaceManifest::to_json () ss << "{" << "\"path\":\"" << Glib::path_get_basename (_path) << "\"" - << ",\"name\":\"" << _name << "\"" - << ",\"description\":\"" << _description << "\"" - << ",\"version\":\"" << _version << "\"" + << ",\"name\":\"" << escape_json (_name) << "\"" + << ",\"description\":\"" << escape_json (_description) << "\"" + << ",\"version\":\"" << escape_json (_version) << "\"" << "}"; return ss.str (); @@ -90,3 +91,20 @@ SurfaceManifest::exists_at_path (std::string path) std::string xml_path = Glib::build_filename (path, manifest_filename); return Glib::file_test (xml_path, Glib::FILE_TEST_EXISTS); } + +/* adapted from https://stackoverflow.com/questions/10789740/passing-stdstring-by-value-or-reference + CC BY-SA 4.0 license */ +std::string +SurfaceManifest::escape_json (const std::string &s) { + std::ostringstream o; + + for (std::string::const_iterator it = s.begin(); it != s.end(); ++it) { + if (*it == '"' || *it == '\\' || ('\x00' <= *it && *it <= '\x1f')) { + o << "\\u" << std::hex << std::setw (4) << std::setfill ('0') << static_cast<int>(*it); + } else { + o << *it; + } + } + + return o.str (); +} diff --git a/libs/surfaces/websockets/manifest.h b/libs/surfaces/websockets/manifest.h index 45ecc37f6a..40b6e177a3 100644 --- a/libs/surfaces/websockets/manifest.h +++ b/libs/surfaces/websockets/manifest.h @@ -37,6 +37,7 @@ public: std::string to_json (); static bool exists_at_path (std::string); + static std::string escape_json (const std::string&); private: bool _valid; |