You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@commons.apache.org by "Pascal Schumacher (JIRA)" <ji...@apache.org> on 2016/10/19 15:24:58 UTC
[jira] [Closed] (LANG-1180) StringEscapeUtils.escapeEcmaScript
incorrectly handles single-quotes
[ https://issues.apache.org/jira/browse/LANG-1180?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Pascal Schumacher closed LANG-1180.
-----------------------------------
> StringEscapeUtils.escapeEcmaScript incorrectly handles single-quotes
> --------------------------------------------------------------------
>
> Key: LANG-1180
> URL: https://issues.apache.org/jira/browse/LANG-1180
> Project: Commons Lang
> Issue Type: Bug
> Affects Versions: 3.4
> Reporter: Dan Wallach
> Priority: Minor
>
> The following code illustrates the problem:
> {noformat}
> public void testEscapes() {
> String ecmaSingleEscape = StringEscapeUtils.escapeEcmaScript("X'Y");
> String ecmaDoubleEscape = StringEscapeUtils.escapeEcmaScript("X\"Y");
> assertEquals("X\\\"Y", ecmaDoubleEscape); // works correctly
> assertEquals("X'Y", ecmaSingleEscape); // incorrectly inserts a backslash
> }
> {noformat}
> According to json.org, single-quote is not a valid character for being backslash-escaped in a string. The only valid backslash escapes are:
> \"
> \\
> \/
> \b
> \f
> \n
> \r
> \t
> \u four-hex-digits
> Digging deeper, it seems that this is a difference between JSON (single-quote must not be escaped, since strings can only be delimited with double-quotes) and JavaScript (single-quote can be escaped because strings can also be delimited with single-quotes). This suggests that you really want two different versions of escapeEcmaScript -- one focused on JSON and the other focuses on the broader JavaScript language.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)