You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@lucene.apache.org by "Benson Margulies (JIRA)" <ji...@apache.org> on 2011/05/16 02:05:47 UTC
[jira] [Created] (SOLR-2520) Solr creates invalid jsonp strings
Solr creates invalid jsonp strings
----------------------------------
Key: SOLR-2520
URL: https://issues.apache.org/jira/browse/SOLR-2520
Project: Solr
Issue Type: Bug
Affects Versions: 4.0
Reporter: Benson Margulies
Please see http://timelessrepo.com/json-isnt-a-javascript-subset.
If a stored field contains invalid Javascript characters, and you use the query option to ask for jsonp, solr does *not* escape some invalid Unicode characters, resulting in strings that explode on contact with browsers.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org
[jira] [Updated] (SOLR-2520) JSONResponseWriter w/json.wrf can
produce invalid javascript depending on unicode chars in response data
Posted by "Hoss Man (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SOLR-2520?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Hoss Man updated SOLR-2520:
---------------------------
Summary: JSONResponseWriter w/json.wrf can produce invalid javascript depending on unicode chars in response data (was: Solr creates invalid jsonp strings)
Benson: thanks for the clarification, i've updated the summary to attempt to clarify the root of the issue.
Would make more sense to have a "JavascriptResponseWriter" or to have the JSONResponseWriter do unicode escaping/stripping if/when json.wrf is specified?
> JSONResponseWriter w/json.wrf can produce invalid javascript depending on unicode chars in response data
> --------------------------------------------------------------------------------------------------------
>
> Key: SOLR-2520
> URL: https://issues.apache.org/jira/browse/SOLR-2520
> Project: Solr
> Issue Type: Bug
> Affects Versions: 4.0
> Reporter: Benson Margulies
>
> Please see http://timelessrepo.com/json-isnt-a-javascript-subset.
> If a stored field contains invalid Javascript characters, and you use the query option to ask for jsonp, solr does *not* escape some invalid Unicode characters, resulting in strings that explode on contact with browsers.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org
[jira] [Commented] (SOLR-2520) JSONResponseWriter w/json.wrf can
produce invalid javascript depending on unicode chars in response data
Posted by "Benson Margulies (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SOLR-2520?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13034352#comment-13034352 ]
Benson Margulies commented on SOLR-2520:
----------------------------------------
Yes, that looks like that.
> JSONResponseWriter w/json.wrf can produce invalid javascript depending on unicode chars in response data
> --------------------------------------------------------------------------------------------------------
>
> Key: SOLR-2520
> URL: https://issues.apache.org/jira/browse/SOLR-2520
> Project: Solr
> Issue Type: Bug
> Affects Versions: 4.0
> Reporter: Benson Margulies
>
> Please see http://timelessrepo.com/json-isnt-a-javascript-subset.
> If a stored field contains invalid Javascript characters, and you use the query option to ask for jsonp, solr does *not* escape some invalid Unicode characters, resulting in strings that explode on contact with browsers.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org
[jira] [Resolved] (SOLR-2520) JSONResponseWriter w/json.wrf can
produce invalid javascript depending on unicode chars in response data
Posted by "Yonik Seeley (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SOLR-2520?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Yonik Seeley resolved SOLR-2520.
--------------------------------
Resolution: Fixed
Fix Version/s: 3.2
Committed to trunk and 3x.
Thanks for bringing this to our attention Benson!
> JSONResponseWriter w/json.wrf can produce invalid javascript depending on unicode chars in response data
> --------------------------------------------------------------------------------------------------------
>
> Key: SOLR-2520
> URL: https://issues.apache.org/jira/browse/SOLR-2520
> Project: Solr
> Issue Type: Bug
> Affects Versions: 4.0
> Reporter: Benson Margulies
> Fix For: 3.2
>
> Attachments: SOLR-2520.patch
>
>
> Please see http://timelessrepo.com/json-isnt-a-javascript-subset.
> If a stored field contains Unicode characters that are valid in Json but not valid in Javascript, and you use the query option to ask for JSONP (json.wrf), solr does *not* escape them, resulting in content that explodes on contact with browsers. That is, there are certain Unicode characters that are valid JSON but invalid in Javascript source, and a JSONP response is javascript source, to be incorporated in an HTML script tag. Further investigation suggests that only one character is a problem here: U+2029 must be represented as \u2029 instead of left 'as-is'.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org
[jira] [Commented] (SOLR-2520) JSONResponseWriter w/json.wrf can
produce invalid javascript depending on unicode chars in response data
Posted by "Yonik Seeley (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SOLR-2520?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13034197#comment-13034197 ]
Yonik Seeley commented on SOLR-2520:
------------------------------------
It looks like we already escape \u2028 (see SOLR-1936), so we should just do the same for \u2029?
> JSONResponseWriter w/json.wrf can produce invalid javascript depending on unicode chars in response data
> --------------------------------------------------------------------------------------------------------
>
> Key: SOLR-2520
> URL: https://issues.apache.org/jira/browse/SOLR-2520
> Project: Solr
> Issue Type: Bug
> Affects Versions: 4.0
> Reporter: Benson Margulies
>
> Please see http://timelessrepo.com/json-isnt-a-javascript-subset.
> If a stored field contains invalid Javascript characters, and you use the query option to ask for jsonp, solr does *not* escape some invalid Unicode characters, resulting in strings that explode on contact with browsers.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org
[jira] [Commented] (SOLR-2520) Solr creates invalid jsonp strings
Posted by "Hoss Man (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SOLR-2520?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13034151#comment-13034151 ]
Hoss Man commented on SOLR-2520:
--------------------------------
I'm confused here: As far as i can tell, the JSONResponseWriter does in fact output valid JSON (the link mentioned points out that there are control characters valid in JSON which are not valid in javascript, but that's what the response writer produces -- JSON) ... so what is the bug?
And what do you mean by "the query option to ask for jsonp" ? ... i don't see that option in the JSONResponseWriter
(is this bug about some third party response writer?)
> Solr creates invalid jsonp strings
> ----------------------------------
>
> Key: SOLR-2520
> URL: https://issues.apache.org/jira/browse/SOLR-2520
> Project: Solr
> Issue Type: Bug
> Affects Versions: 4.0
> Reporter: Benson Margulies
>
> Please see http://timelessrepo.com/json-isnt-a-javascript-subset.
> If a stored field contains invalid Javascript characters, and you use the query option to ask for jsonp, solr does *not* escape some invalid Unicode characters, resulting in strings that explode on contact with browsers.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org
[jira] [Updated] (SOLR-2520) JSONResponseWriter w/json.wrf can
produce invalid javascript depending on unicode chars in response data
Posted by "Benson Margulies (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SOLR-2520?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Benson Margulies updated SOLR-2520:
-----------------------------------
Description:
Please see http://timelessrepo.com/json-isnt-a-javascript-subset.
If a stored field contains Unicode characters that are valid in Json but not valid in Javascript, and you use the query option to ask for jsonp (json.wrt), solr does *not* escape them characters, resulting in content that explodes on contact with browsers. That is, there are certain Unicode characters that are valid JSON but invalid in Javascript source, and a JSONP response is javascript source, to be incorporated in an HTML script tag.
was:
Please see http://timelessrepo.com/json-isnt-a-javascript-subset.
If a stored field contains invalid Javascript characters, and you use the query option to ask for jsonp, solr does *not* escape some invalid Unicode characters, resulting in strings that explode on contact with browsers.
> JSONResponseWriter w/json.wrf can produce invalid javascript depending on unicode chars in response data
> --------------------------------------------------------------------------------------------------------
>
> Key: SOLR-2520
> URL: https://issues.apache.org/jira/browse/SOLR-2520
> Project: Solr
> Issue Type: Bug
> Affects Versions: 4.0
> Reporter: Benson Margulies
> Attachments: SOLR-2520.patch
>
>
> Please see http://timelessrepo.com/json-isnt-a-javascript-subset.
> If a stored field contains Unicode characters that are valid in Json but not valid in Javascript, and you use the query option to ask for jsonp (json.wrt), solr does *not* escape them characters, resulting in content that explodes on contact with browsers. That is, there are certain Unicode characters that are valid JSON but invalid in Javascript source, and a JSONP response is javascript source, to be incorporated in an HTML script tag.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org
[jira] [Updated] (SOLR-2520) JSONResponseWriter w/json.wrf can
produce invalid javascript depending on unicode chars in response data
Posted by "Benson Margulies (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SOLR-2520?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Benson Margulies updated SOLR-2520:
-----------------------------------
Description:
Please see http://timelessrepo.com/json-isnt-a-javascript-subset.
If a stored field contains Unicode characters that are valid in Json but not valid in Javascript, and you use the query option to ask for JSONP (json.wrf), solr does *not* escape them, resulting in content that explodes on contact with browsers. That is, there are certain Unicode characters that are valid JSON but invalid in Javascript source, and a JSONP response is javascript source, to be incorporated in an HTML script tag. Further investigation suggests that only one character is a problem here: U+2029 must be represented as \u2029 instead of left 'as-is'.
was:
Please see http://timelessrepo.com/json-isnt-a-javascript-subset.
If a stored field contains Unicode characters that are valid in Json but not valid in Javascript, and you use the query option to ask for jsonp (json.wrt), solr does *not* escape them characters, resulting in content that explodes on contact with browsers. That is, there are certain Unicode characters that are valid JSON but invalid in Javascript source, and a JSONP response is javascript source, to be incorporated in an HTML script tag.
> JSONResponseWriter w/json.wrf can produce invalid javascript depending on unicode chars in response data
> --------------------------------------------------------------------------------------------------------
>
> Key: SOLR-2520
> URL: https://issues.apache.org/jira/browse/SOLR-2520
> Project: Solr
> Issue Type: Bug
> Affects Versions: 4.0
> Reporter: Benson Margulies
> Attachments: SOLR-2520.patch
>
>
> Please see http://timelessrepo.com/json-isnt-a-javascript-subset.
> If a stored field contains Unicode characters that are valid in Json but not valid in Javascript, and you use the query option to ask for JSONP (json.wrf), solr does *not* escape them, resulting in content that explodes on contact with browsers. That is, there are certain Unicode characters that are valid JSON but invalid in Javascript source, and a JSONP response is javascript source, to be incorporated in an HTML script tag. Further investigation suggests that only one character is a problem here: U+2029 must be represented as \u2029 instead of left 'as-is'.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org
[jira] [Commented] (SOLR-2520) Solr creates invalid jsonp strings
Posted by "Benson Margulies (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SOLR-2520?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13034159#comment-13034159 ]
Benson Margulies commented on SOLR-2520:
----------------------------------------
Fun happens when you specify something in json.wrf. This demands 'jsonp' instead of json, which results in the result being treated as javascript, not json. wt=json&json.wrf=SOME_PREFIX will cause Solr to respond with
SOME_PREFIX({whatever it was otherwise going to return})
instead of just
{whatever it was otherwise going to return}
If there is then an interesting Unicode character in there, Chrome implodes and firefox quietly rejects.
> Solr creates invalid jsonp strings
> ----------------------------------
>
> Key: SOLR-2520
> URL: https://issues.apache.org/jira/browse/SOLR-2520
> Project: Solr
> Issue Type: Bug
> Affects Versions: 4.0
> Reporter: Benson Margulies
>
> Please see http://timelessrepo.com/json-isnt-a-javascript-subset.
> If a stored field contains invalid Javascript characters, and you use the query option to ask for jsonp, solr does *not* escape some invalid Unicode characters, resulting in strings that explode on contact with browsers.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org
[jira] [Updated] (SOLR-2520) JSONResponseWriter w/json.wrf can
produce invalid javascript depending on unicode chars in response data
Posted by "Yonik Seeley (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SOLR-2520?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Yonik Seeley updated SOLR-2520:
-------------------------------
Attachment: SOLR-2520.patch
Here's a patch w/ simple test.
> JSONResponseWriter w/json.wrf can produce invalid javascript depending on unicode chars in response data
> --------------------------------------------------------------------------------------------------------
>
> Key: SOLR-2520
> URL: https://issues.apache.org/jira/browse/SOLR-2520
> Project: Solr
> Issue Type: Bug
> Affects Versions: 4.0
> Reporter: Benson Margulies
> Attachments: SOLR-2520.patch
>
>
> Please see http://timelessrepo.com/json-isnt-a-javascript-subset.
> If a stored field contains invalid Javascript characters, and you use the query option to ask for jsonp, solr does *not* escape some invalid Unicode characters, resulting in strings that explode on contact with browsers.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org
[jira] [Commented] (SOLR-2520) JSONResponseWriter w/json.wrf can
produce invalid javascript depending on unicode chars in response data
Posted by "Benson Margulies (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SOLR-2520?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13034187#comment-13034187 ]
Benson Margulies commented on SOLR-2520:
----------------------------------------
I'd vote for the later. I assume that there is some large inventory of people who are currently using json.wrf=foo and who would benefit from the change. However, I have limited context here, so if anyone else knows more about how users are using this stuff I hope they will speak up. Sorry not to have been fully clear on the first attempt.
> JSONResponseWriter w/json.wrf can produce invalid javascript depending on unicode chars in response data
> --------------------------------------------------------------------------------------------------------
>
> Key: SOLR-2520
> URL: https://issues.apache.org/jira/browse/SOLR-2520
> Project: Solr
> Issue Type: Bug
> Affects Versions: 4.0
> Reporter: Benson Margulies
>
> Please see http://timelessrepo.com/json-isnt-a-javascript-subset.
> If a stored field contains invalid Javascript characters, and you use the query option to ask for jsonp, solr does *not* escape some invalid Unicode characters, resulting in strings that explode on contact with browsers.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org