Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

manifestXmlJsonml does not escape content, nor is there an escape for html/xml #1037

Open
scr-oath opened this issue Nov 27, 2022 · 1 comment
Open

manifestXmlJsonml does not escape content, nor is there an escape for html/xml #1037

scr-oath opened this issue Nov 27, 2022 · 1 comment

Comments

@scr-oath
Copy link
Contributor

scr-oath commented Nov 27, 2022
edited
Loading

How does one properly escape user inputs / data for insertion into contents of a tag?

[scr@R9459YDHVQ]$ jsonnet -S -e 'function(vars) std.manifestXmlJsonml(["statement", vars.statement])' --tla-code vars='{"statement": "5 < 4"}'
<statement>5 < 4</statement>

(Yes the statement is false 😄 , as is the output - it should be 5 &lt; 4)
@scr-oath
Copy link
Contributor Author

scr-oath commented Nov 27, 2022
edited
Loading

Something like this seems to work and would be nice to add to std.

function(s)
  local chars = std.stringChars(s);
  local escapes = {
    '<': '&lt;',
    '>': '&gt;',
    '&': '&amp;',
    '"': '&quot;',
    "'": '&apos;',
  };
  local escapedChars = std.map(function(c) std.get(escapes, c, c), chars);
  std.join('', escapedChars)

@scr-oath scr-oath mentioned this issue Nov 27, 2022
Merged
scr-oath added a commit to scr-oath/jsonnet that referenced this issue Dec 3, 2022
@scr-oath
Documents the escapeStringXml added in google#1038
3a7ed0a 
See:
- <google#1037>
- <google#1038>
This was referenced Dec 3, 2022
Merged
Open
scr-oath added a commit to scr-oath/go-jsonnet that referenced this issue Dec 3, 2022
@scr-oath
[661] Update stdlib to get std.escapeStringXml
cd2682a 
See
- google/jsonnet#1037
- google/jsonnet#1038
@scr-oath scr-oath mentioned this issue Dec 3, 2022
Merged
sparkprime pushed a commit that referenced this issue Jan 24, 2023
@scr-oath @sparkprime
Documents the escapeStringXml added in #1038
ffa5461 
See:
- <#1037>
- <#1038>
sbarzowski pushed a commit to google/go-jsonnet that referenced this issue Jan 29, 2023
@scr-oath
[661] Update stdlib to get std.escapeStringXml (#662)
a39e181 
See
- google/jsonnet#1037
- google/jsonnet#1038
vhata pushed a commit to discord/go-jsonnet that referenced this issue Aug 30, 2024
@scr-oath @vhata
[661] Update stdlib to get std.escapeStringXml (google#662)
c16b99b 
See
- google/jsonnet#1037
- google/jsonnet#1038
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@scr-oath