#6267: JavascriptHelper::escapeString() improvements
    Reporter:  danielaraujo  |          Type:  Bug    
      Status:  new           |      Priority:  Medium 
   Milestone:  1.2.x.x       |     Component:  Helpers
     Version:  1.2 Final     |      Severity:  Normal 
    Keywords:                |   Php_version:  n/a    
Cake_version:                |  
 Two situations when a string won't be properly escaped for JSON encoding
 by the JavascriptHelper::escapeString() function:

 1) When it contains \" (previously escaped quotation marks) it would be
 escaped as \\", when it should read \\\". Adding a new value to the start
 of the $escape array fixed it:

 $escape = array('\"'=>'\\\"', "\r\n" => '\n', "\r" => '\n', "\n" => '\n',
 '"' => '\"', "'" => "\\'");

 2) When a backslash is the last character in a string. It escapes the
 quotation marks used for JSON delimiting.

 So that particular backslash should be escaped before the string is
 output. But we should see if it wasn't already escaped. Here's a lazy fix.

 if (substr($string, -1)=='\\') {
         if (substr($string, -2)!='\\') {

 Not ideal since it doesn't take previous escapings into account.

Ticket URL: <https://trac.cakephp.org/ticket/6267>
CakePHP : The Rapid Development Framework for PHP <https://trac.cakephp.org/>
Cake is a rapid development framework for PHP which uses commonly known design 
patterns like ActiveRecord, Association Data Mapping, Front Controller and MVC. 
Our primary goal is to provide a structured framework that enables PHP users at 
all levels to rapidly develop robust web applications, without any loss to 
You received this message because you are subscribed to the Google Groups 
"tickets cakephp" group.
To post to this group, send email to tickets-cakephp@googlegroups.com
To unsubscribe from this group, send email to 
For more options, visit this group at 

  • [CakePHP : The Rapid Dev... CakePHP : The Rapid Development Framework for PHP

Reply via email to