[GitHub] [velocity-tools] diggernet commented on pull request #13: VELTOOLS-184
diggernet commented on PR #13: URL: https://github.com/apache/velocity-tools/pull/13#issuecomment-1320649785 While I totally agree with you in general about libraries ignoring RFC, I'm not sure I understand your frustration with regards to this change. This has nothing to do with any RFC. The purpose of this change is user discoverability. When a user has a Velocity template that is a JSON file, and they need to escape the text they are putting into that JSON, what do they use? Ah, there's $esc.javascript() and JSON comes from Javascript, so that should work. It seems to work. But then they hit a string with ' and suddenly it doesn't work. Well, there's $esc.java(), but Java has nothing to do with JSON, so why trust that any more than $esc.javascript()? By adding $esc.json(), no matter the implementation, the user will see something obviously correct for their use case, and can move on to other things. I happened to choose to use escapeJson() to implement it because that struck me as more correct, but Claude makes a good argument that the difference shouldn't matter. Either way, the average Velocity user shouldn't need to care about those details. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@velocity.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@velocity.apache.org For additional commands, e-mail: dev-h...@velocity.apache.org
[jira] [Commented] (VELTOOLS-184) EscapeTool: add a json method, or a javascript method with a second parameter
[ https://issues.apache.org/jira/browse/VELTOOLS-184?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17636051#comment-17636051 ] Christopher Schultz commented on VELTOOLS-184: -- I stand corrected. > EscapeTool: add a json method, or a javascript method with a second parameter > - > > Key: VELTOOLS-184 > URL: https://issues.apache.org/jira/browse/VELTOOLS-184 > Project: Velocity Tools > Issue Type: Improvement > Components: GenericTools >Affects Versions: 2.x > Environment: any >Reporter: Maurice Perry >Priority: Minor > Labels: EscapeTool, escape, javascript, json > > The string returned by EscapeTool.javascript() method is not alway compliant > with the JSON syntax. For instance, when the input string contains an > apostrophe ', a backslash is inserted before it because there is no way for > the method to know if the string is enclosed with single or double quotes. > This is not compliant with the JSON syntax, and some JSON parsers will reject > the string. > There may be other differences between javascript and JSON strings, but this > is the one I encountered, and I had to use a workaround. > This issue can be solved either with a JSON method, or with a second > javascript method with a second parameter indicating the type of quote used. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: dev-unsubscr...@velocity.apache.org For additional commands, e-mail: dev-h...@velocity.apache.org
[GitHub] [velocity-tools] ChristopherSchultz commented on pull request #13: VELTOOLS-184
ChristopherSchultz commented on PR #13: URL: https://github.com/apache/velocity-tools/pull/13#issuecomment-1320571869 Because that would require more code. IMO less code is always better if you can get away with it. This is adding code just for the sake of adding code. I'm not -1'ing this or anything, just complaining that it _should not be necessary_. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@velocity.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@velocity.apache.org For additional commands, e-mail: dev-h...@velocity.apache.org
[jira] [Comment Edited] (VELTOOLS-184) EscapeTool: add a json method, or a javascript method with a second parameter
[
https://issues.apache.org/jira/browse/VELTOOLS-184?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17636048#comment-17636048
]
Maurice Perry edited comment on VELTOOLS-184 at 11/18/22 9:56 PM:
--
You misread the RFC: any character can be escaped using a UNICODE hexadecimal
number, but only some can be directly escaped by preceding them with a
backslash:
{{{}string = quotation-mark *char quotation-mark{}}}{{{}char = unescaped /{}}}
{{escape (}}
{{%x22 / ; " quotation mark U+0022}}
{{%x5C / ; \ reverse solidus U+005C}}
{{%x2F / ; / solidus U+002F}}
{{%x62 / ; b backspace U+0008}}
{{%x66 / ; f form feed U+000C}}
{{%x6E / ; n line feed U+000A}}
{{%x72 / ; r carriage return U+000D}}
{{%x74 / ; t tab U+0009}}
{{{}%x75 4HEXDIG ) ; u U+{}}}{{{}escape = %x5C ;
\{}}}{{{}quotation-mark = %x22 ; "{}}}{{{}unescaped = %x20-21 / %x23-5B /
%x5D-10{}}}
The single quote is NOT one of them.
was (Author: robbyn):
You misread the RFC: any character can be escaped using a UNICODE hexadecimal
number, but only some can be directly escaped by preceding them with a
backslash:
string = quotation-mark *char quotation-mark
char = unescaped /
escape (
%x22 / ; "quotation mark U+0022
%x5C / ; \reverse solidus U+005C
%x2F / ; /solidus U+002F
%x62 / ; bbackspace U+0008
%x66 / ; fform feed U+000C
%x6E / ; nline feed U+000A
%x72 / ; rcarriage return U+000D
%x74 / ; ttab U+0009
%x75 4HEXDIG ) ; uU+
escape = %x5C ; \
quotation-mark = %x22 ; "
unescaped = %x20-21 / %x23-5B / %x5D-10
> EscapeTool: add a json method, or a javascript method with a second parameter
> -
>
> Key: VELTOOLS-184
> URL: https://issues.apache.org/jira/browse/VELTOOLS-184
> Project: Velocity Tools
> Issue Type: Improvement
> Components: GenericTools
>Affects Versions: 2.x
> Environment: any
>Reporter: Maurice Perry
>Priority: Minor
> Labels: EscapeTool, escape, javascript, json
>
> The string returned by EscapeTool.javascript() method is not alway compliant
> with the JSON syntax. For instance, when the input string contains an
> apostrophe ', a backslash is inserted before it because there is no way for
> the method to know if the string is enclosed with single or double quotes.
> This is not compliant with the JSON syntax, and some JSON parsers will reject
> the string.
> There may be other differences between javascript and JSON strings, but this
> is the one I encountered, and I had to use a workaround.
> This issue can be solved either with a JSON method, or with a second
> javascript method with a second parameter indicating the type of quote used.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
-
To unsubscribe, e-mail: dev-unsubscr...@velocity.apache.org
For additional commands, e-mail: dev-h...@velocity.apache.org
[jira] [Commented] (VELTOOLS-184) EscapeTool: add a json method, or a javascript method with a second parameter
[ https://issues.apache.org/jira/browse/VELTOOLS-184?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17636048#comment-17636048 ] Maurice Perry commented on VELTOOLS-184: You misread the RFC: any character can be escaped using a UNICODE hexadecimal number, but only some can be directly escaped by preceding them with a backslash: string = quotation-mark *char quotation-mark char = unescaped / escape ( %x22 / ; "quotation mark U+0022 %x5C / ; \reverse solidus U+005C %x2F / ; /solidus U+002F %x62 / ; bbackspace U+0008 %x66 / ; fform feed U+000C %x6E / ; nline feed U+000A %x72 / ; rcarriage return U+000D %x74 / ; ttab U+0009 %x75 4HEXDIG ) ; uU+ escape = %x5C ; \ quotation-mark = %x22 ; " unescaped = %x20-21 / %x23-5B / %x5D-10 > EscapeTool: add a json method, or a javascript method with a second parameter > - > > Key: VELTOOLS-184 > URL: https://issues.apache.org/jira/browse/VELTOOLS-184 > Project: Velocity Tools > Issue Type: Improvement > Components: GenericTools >Affects Versions: 2.x > Environment: any >Reporter: Maurice Perry >Priority: Minor > Labels: EscapeTool, escape, javascript, json > > The string returned by EscapeTool.javascript() method is not alway compliant > with the JSON syntax. For instance, when the input string contains an > apostrophe ', a backslash is inserted before it because there is no way for > the method to know if the string is enclosed with single or double quotes. > This is not compliant with the JSON syntax, and some JSON parsers will reject > the string. > There may be other differences between javascript and JSON strings, but this > is the one I encountered, and I had to use a workaround. > This issue can be solved either with a JSON method, or with a second > javascript method with a second parameter indicating the type of quote used. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: dev-unsubscr...@velocity.apache.org For additional commands, e-mail: dev-h...@velocity.apache.org
[GitHub] [velocity-tools] arkanovicz commented on pull request #13: VELTOOLS-184
arkanovicz commented on PR #13: URL: https://github.com/apache/velocity-tools/pull/13#issuecomment-1320455340 The current state of the patch is to propose `$esc.json()` (which didn't exist) as an alias for `$esc.java()`. I'm reluctant to escape things that don't have to be, not in regard to broken Json parsers, but because if we go this way, why not escape each and every character in the string?! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@velocity.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@velocity.apache.org For additional commands, e-mail: dev-h...@velocity.apache.org
[jira] [Commented] (VELTOOLS-184) EscapeTool: add a json method, or a javascript method with a second parameter
[ https://issues.apache.org/jira/browse/VELTOOLS-184?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17636011#comment-17636011 ] Claude Brisson commented on VELTOOLS-184: - There may be broken Json parsers in the wild, but that's not a reason for us to escape things that don't need to be. > EscapeTool: add a json method, or a javascript method with a second parameter > - > > Key: VELTOOLS-184 > URL: https://issues.apache.org/jira/browse/VELTOOLS-184 > Project: Velocity Tools > Issue Type: Improvement > Components: GenericTools >Affects Versions: 2.x > Environment: any >Reporter: Maurice Perry >Priority: Minor > Labels: EscapeTool, escape, javascript, json > > The string returned by EscapeTool.javascript() method is not alway compliant > with the JSON syntax. For instance, when the input string contains an > apostrophe ', a backslash is inserted before it because there is no way for > the method to know if the string is enclosed with single or double quotes. > This is not compliant with the JSON syntax, and some JSON parsers will reject > the string. > There may be other differences between javascript and JSON strings, but this > is the one I encountered, and I had to use a workaround. > This issue can be solved either with a JSON method, or with a second > javascript method with a second parameter indicating the type of quote used. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: dev-unsubscr...@velocity.apache.org For additional commands, e-mail: dev-h...@velocity.apache.org
[GitHub] [velocity-tools] ChristopherSchultz commented on pull request #13: VELTOOLS-184
ChristopherSchultz commented on PR #13: URL: https://github.com/apache/velocity-tools/pull/13#issuecomment-1320432439 I think buggy libraries which ignore `RFC-MUST` should be fixed or made to die. There is no reason this patch should be necessary. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@velocity.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@velocity.apache.org For additional commands, e-mail: dev-h...@velocity.apache.org
[jira] [Comment Edited] (VELTOOLS-184) EscapeTool: add a json method, or a javascript method with a second parameter
[
https://issues.apache.org/jira/browse/VELTOOLS-184?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17635999#comment-17635999
]
Christopher Schultz edited comment on VELTOOLS-184 at 11/18/22 7:12 PM:
I'm sorry, but whatever JSON parser you are working with is patently broken.
Quoting [RFC 4627, section
2.5|https://www.ietf.org/rfc/rfc4627.html#section-2.5]:
{quote}Any character may be escaped.
{quote}
So, breaking when ' is (perhaps unexpectedly) escaped means that {_}the library
is broken{_}.
was (Author: ch...@christopherschultz.net):
I'm sorry, but whatever JSON parser you are working with is patently broken.
Quoting [RFC 4627, section
2.5|[http://example.com|https://www.ietf.org/rfc/rfc4627.html#section-2.5]]:
{quote}Any character may be escaped.
{quote}
So, breaking when ' is (perhaps unexpectedly) escaped means that {_}the library
is broken{_}.
> EscapeTool: add a json method, or a javascript method with a second parameter
> -
>
> Key: VELTOOLS-184
> URL: https://issues.apache.org/jira/browse/VELTOOLS-184
> Project: Velocity Tools
> Issue Type: Improvement
> Components: GenericTools
>Affects Versions: 2.x
> Environment: any
>Reporter: Maurice Perry
>Priority: Minor
> Labels: EscapeTool, escape, javascript, json
>
> The string returned by EscapeTool.javascript() method is not alway compliant
> with the JSON syntax. For instance, when the input string contains an
> apostrophe ', a backslash is inserted before it because there is no way for
> the method to know if the string is enclosed with single or double quotes.
> This is not compliant with the JSON syntax, and some JSON parsers will reject
> the string.
> There may be other differences between javascript and JSON strings, but this
> is the one I encountered, and I had to use a workaround.
> This issue can be solved either with a JSON method, or with a second
> javascript method with a second parameter indicating the type of quote used.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
-
To unsubscribe, e-mail: dev-unsubscr...@velocity.apache.org
For additional commands, e-mail: dev-h...@velocity.apache.org
[jira] [Commented] (VELTOOLS-184) EscapeTool: add a json method, or a javascript method with a second parameter
[
https://issues.apache.org/jira/browse/VELTOOLS-184?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17635999#comment-17635999
]
Christopher Schultz commented on VELTOOLS-184:
--
I'm sorry, but whatever JSON parser you are working with is patently broken.
Quoting [RFC 4627, section
2.5|[http://example.com|https://www.ietf.org/rfc/rfc4627.html#section-2.5]]:
{quote}Any character may be escaped.
{quote}
So, breaking when ' is (perhaps unexpectedly) escaped means that {_}the library
is broken{_}.
> EscapeTool: add a json method, or a javascript method with a second parameter
> -
>
> Key: VELTOOLS-184
> URL: https://issues.apache.org/jira/browse/VELTOOLS-184
> Project: Velocity Tools
> Issue Type: Improvement
> Components: GenericTools
>Affects Versions: 2.x
> Environment: any
>Reporter: Maurice Perry
>Priority: Minor
> Labels: EscapeTool, escape, javascript, json
>
> The string returned by EscapeTool.javascript() method is not alway compliant
> with the JSON syntax. For instance, when the input string contains an
> apostrophe ', a backslash is inserted before it because there is no way for
> the method to know if the string is enclosed with single or double quotes.
> This is not compliant with the JSON syntax, and some JSON parsers will reject
> the string.
> There may be other differences between javascript and JSON strings, but this
> is the one I encountered, and I had to use a workaround.
> This issue can be solved either with a JSON method, or with a second
> javascript method with a second parameter indicating the type of quote used.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
-
To unsubscribe, e-mail: dev-unsubscr...@velocity.apache.org
For additional commands, e-mail: dev-h...@velocity.apache.org
[GitHub] [velocity-tools] diggernet commented on pull request #13: VELTOOLS-184
diggernet commented on PR #13: URL: https://github.com/apache/velocity-tools/pull/13#issuecomment-1320348077 I'm fine with a synonym too, unless some future issue is raised for compatibility. The main point is to have $esc.json() present, since the most obvious alternative of $esc.javascript() causes errors. Which is what led Maurice Perry to create VELTOOLS-184 two years ago, and why I discovered it this week. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@velocity.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@velocity.apache.org For additional commands, e-mail: dev-h...@velocity.apache.org
[GitHub] [velocity-tools] arkanovicz commented on pull request #13: VELTOOLS-184
arkanovicz commented on PR #13: URL: https://github.com/apache/velocity-tools/pull/13#issuecomment-1320314516 Well, EcmaScript is not Json. I don't know of any valid reason to escape <'> and in Json, so I don't mind having an `esc.json()` method, but it should just ba a synonym of `$esc.java()` IMHO. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@velocity.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@velocity.apache.org For additional commands, e-mail: dev-h...@velocity.apache.org
[GitHub] [velocity-tools] diggernet commented on pull request #13: VELTOOLS-184
diggernet commented on PR #13: URL: https://github.com/apache/velocity-tools/pull/13#issuecomment-1320290688 That's a fair question. I suppose the lazy answer is "because escapeJson() exists". :) Comparing escapeJava() and escapeJson() shows they differ on two characters: / and \u007F. I don't pretend to know why those differences exist, and in a quick test escapeJava() works without error. But they do produce different output strings. Without knowing the reason for this, I'd hesitate to assume that the output of escapeJava() is compatible with all existing JSON consuming code. So using escapeJson() seems the safer choice. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@velocity.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@velocity.apache.org For additional commands, e-mail: dev-h...@velocity.apache.org
[GitHub] [velocity-tools] arkanovicz commented on pull request #13: VELTOOLS-184
arkanovicz commented on PR #13: URL: https://github.com/apache/velocity-tools/pull/13#issuecomment-1319738744 I see in StringEscapeUtils the following comment for `escapeEcmaScript()`: > The only difference between Java strings and EcmaScript strings > is that in EcmaScript, a single quote and forward-slash (/) are escaped. Is that what we want for json? Isn't it more pertinent to just call `escapeJava()`? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@velocity.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@velocity.apache.org For additional commands, e-mail: dev-h...@velocity.apache.org
