diff options
| -rw-r--r-- | includes/common.inc | 5 | ||||
| -rw-r--r-- | modules/simpletest/tests/common.test | 5 |
2 files changed, 7 insertions, 3 deletions
diff --git a/includes/common.inc b/includes/common.inc index 080caab1b..ecfd1a4a7 100644 --- a/includes/common.inc +++ b/includes/common.inc @@ -4389,7 +4389,7 @@ function drupal_clear_js_cache() { */ function drupal_json_encode($var) { // json_encode() does not escape <, > and &, so we do it with str_replace(). - return str_replace(array('<', '>', '&'), array('\x3c', '\x3e', '\x26'), json_encode($var)); + return str_replace(array('<', '>', '&'), array('\u003c', '\u003e', '\u0026'), json_encode($var)); } /** @@ -4399,8 +4399,7 @@ function drupal_json_encode($var) { * @ingroup php_wrappers */ function drupal_json_decode($var) { - // json_decode() does not unescape <, > and &, so we do it with str_replace(). - return json_decode(str_replace(array('\x3c', '\x3e', '\x26'), array('<', '>', '&'), $var), TRUE); + return json_decode($var, TRUE); } /** diff --git a/modules/simpletest/tests/common.test b/modules/simpletest/tests/common.test index 156bb8fd8..6c617edf7 100644 --- a/modules/simpletest/tests/common.test +++ b/modules/simpletest/tests/common.test @@ -1802,6 +1802,7 @@ class DrupalJSONTest extends DrupalUnitTestCase { } // Characters that must be escaped. $html_unsafe = array('<', '>', '&'); + $html_unsafe_escaped = array('\u003c', '\u003e', '\u0026'); // Verify there aren't character encoding problems with the source string. $this->assertIdentical(strlen($str), 128, t('A string with the full ASCII table has the correct length.')); @@ -1824,6 +1825,10 @@ class DrupalJSONTest extends DrupalUnitTestCase { foreach ($html_unsafe as $char) { $this->assertTrue(strpos($json, $char) === FALSE, t('A JSON encoded string does not contain @s.', array('@s' => $char))); } + // Verify that JSON encoding escapes the HTML unsafe characters + foreach ($html_unsafe_escaped as $char) { + $this->assertTrue(strpos($json, $char) > 0, t('A JSON encoded string contains @s.', array('@s' => $char))); + } $json_decoded = drupal_json_decode($json); $this->assertNotIdentical($source, $json, t('An array encoded in JSON is not identical to the source.')); $this->assertIdentical($source, $json_decoded, t('Encoding structured data to JSON and decoding back results in the original data.')); |