[jira] [Updated] (LANG-1180) StringEscapeUtils.escapeEcmaScript incorrectly handles single-quotes

Wed, 28 Oct 2015 13:04:20 -0700 

     [ 
https://issues.apache.org/jira/browse/LANG-1180?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Dan Wallach updated LANG-1180:
------------------------------
    Description: 
The following code illustrates the problem:

{noformat}
public void testEscapes() {
        String ecmaSingleEscape = StringEscapeUtils.escapeEcmaScript("X'Y");
        String ecmaDoubleEscape = StringEscapeUtils.escapeEcmaScript("X\"Y");

        assertEquals("X\\\"Y", ecmaDoubleEscape); // works correctly
        assertEquals("X'Y", ecmaSingleEscape); // incorrectly inserts a 
backslash
}
{noformat}

According to json.org, single-quote is not a valid character for being 
backslash-escaped in a string. The only valid backslash escapes are:

\"
\\
\/
\b
\f
\n
\r
\t
\u four-hex-digits

  was:
The following code illustrates the problem:

{{
public void testEscapes() {
        String ecmaSingleEscape = StringEscapeUtils.escapeEcmaScript("X'Y");
        String ecmaDoubleEscape = StringEscapeUtils.escapeEcmaScript("X\"Y");

        assertEquals("X\\\"Y", ecmaDoubleEscape); // works correctly
        assertEquals("X'Y", ecmaSingleEscape); // incorrectly inserts a 
backslash
}
}}

According to json.org, single-quote is not a valid character for being 
backslash-escaped in a string. The only valid backslash escapes are:

\"
\\
\/
\b
\f
\n
\r
\t
\u four-hex-digits


> StringEscapeUtils.escapeEcmaScript incorrectly handles single-quotes
> --------------------------------------------------------------------
>
>                 Key: LANG-1180
>                 URL: https://issues.apache.org/jira/browse/LANG-1180
>             Project: Commons Lang
>          Issue Type: Bug
>    Affects Versions: 3.4
>            Reporter: Dan Wallach
>            Priority: Minor
>
> The following code illustrates the problem:
> {noformat}
> public void testEscapes() {
>         String ecmaSingleEscape = StringEscapeUtils.escapeEcmaScript("X'Y");
>         String ecmaDoubleEscape = StringEscapeUtils.escapeEcmaScript("X\"Y");
>         assertEquals("X\\\"Y", ecmaDoubleEscape); // works correctly
>         assertEquals("X'Y", ecmaSingleEscape); // incorrectly inserts a 
> backslash
> }
> {noformat}
> According to json.org, single-quote is not a valid character for being 
> backslash-escaped in a string. The only valid backslash escapes are:
> \"
> \\
> \/
> \b
> \f
> \n
> \r
> \t
> \u four-hex-digits



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to