lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Benson Margulies (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (SOLR-2520) JSONResponseWriter w/json.wrf can produce invalid javascript depending on unicode chars in response data
Date Mon, 16 May 2011 23:03:47 GMT

     [ https://issues.apache.org/jira/browse/SOLR-2520?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Benson Margulies updated SOLR-2520:
-----------------------------------

    Description: 
Please see http://timelessrepo.com/json-isnt-a-javascript-subset.

If a stored field contains Unicode characters that are valid in Json but not valid in Javascript,
and you use the query option to ask for jsonp (json.wrt), solr does *not* escape them characters,
resulting in content that explodes on contact with browsers. That is, there are certain Unicode
characters that are valid JSON but invalid in Javascript source, and a JSONP response is javascript
source, to be incorporated in an HTML script tag. 


  was:
Please see http://timelessrepo.com/json-isnt-a-javascript-subset.

If a stored field contains invalid Javascript characters, and you use the query option to
ask for jsonp, solr does *not* escape some invalid Unicode characters, resulting in strings
that explode on contact with browsers.



> JSONResponseWriter w/json.wrf can produce invalid javascript depending on unicode chars
in response data
> --------------------------------------------------------------------------------------------------------
>
>                 Key: SOLR-2520
>                 URL: https://issues.apache.org/jira/browse/SOLR-2520
>             Project: Solr
>          Issue Type: Bug
>    Affects Versions: 4.0
>            Reporter: Benson Margulies
>         Attachments: SOLR-2520.patch
>
>
> Please see http://timelessrepo.com/json-isnt-a-javascript-subset.
> If a stored field contains Unicode characters that are valid in Json but not valid in
Javascript, and you use the query option to ask for jsonp (json.wrt), solr does *not* escape
them characters, resulting in content that explodes on contact with browsers. That is, there
are certain Unicode characters that are valid JSON but invalid in Javascript source, and a
JSONP response is javascript source, to be incorporated in an HTML script tag. 

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org


Mime
View raw message