1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-01 19:22:42 +01:00

Fix JSON encoding of PhutilSafeHTML for browser consumption

Summary:
If you run this code:

  json_encode(array('tag' => phutil_tag('div', array())));

...you get this result, because json_encode() does not call toString() on objects:

  {"tag":{}}

Instead, convert such objects to their underlying strings. Javelin has support for JX.HTML and for implicit conversion (which is kind of sketchy for other reasons) but it's sort of complicated (only happens on Ajax, not behaviors) and messy (not metadata-based), so ignore it for now.

We'll need to do something similar for serialization to the database. My plan there is just to throw on any objects. The only time we put HTML in the database is cache-related and those tiny number of callsites can manually handle it.

Test Plan: Various ajax things now receive the correct data.

Reviewers: vrana

Reviewed By: vrana

CC: aran

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4684
This commit is contained in:
epriestley 2013-01-28 18:11:27 -08:00
parent 47f2df5f51
commit fc4cb57357
3 changed files with 31 additions and 3 deletions

View file

@ -87,7 +87,18 @@ JX.$ = function(id) {
JX.install('HTML', { JX.install('HTML', {
construct : function(str) { construct : function(str) {
if (str instanceof JX.HTML) {
this._content = str._content;
return;
}
if (__DEV__) { if (__DEV__) {
if ((typeof str !== 'string') && (!str || !str.match)) {
JX.$E(
'new JX.HTML(<empty?>): ' +
'call initializes an HTML object with an empty value.');
}
var tags = ['legend', 'thead', 'tbody', 'tfoot', 'column', 'colgroup', var tags = ['legend', 'thead', 'tbody', 'tfoot', 'column', 'colgroup',
'caption', 'tr', 'th', 'td', 'option']; 'caption', 'tr', 'th', 'td', 'option'];
var evil_stuff = new RegExp('^\\s*<(' + tags.join('|') + ')\\b', 'i'); var evil_stuff = new RegExp('^\\s*<(' + tags.join('|') + ')\\b', 'i');

View file

@ -54,7 +54,21 @@ abstract class AphrontResponse {
return $this; return $this;
} }
protected function encodeJSONForHTTPResponse(array $object) { public static function processValueForJSONEncoding(&$value, $key) {
if ($value instanceof PhutilSafeHTML) {
// TODO: Javelin supports implicity conversion of '__html' objects to
// JX.HTML, but only for Ajax responses, not behaviors. Just leave things
// as they are for now (where behaviors treat responses as HTML or plain
// text at their discretion).
$value = $value->getHTMLContent();
}
}
public static function encodeJSONForHTTPResponse(array $object) {
array_walk_recursive(
$object,
array('AphrontResponse', 'processValueForJSONEncoding'));
$response = json_encode($object); $response = json_encode($object);

View file

@ -128,7 +128,8 @@ final class CelerityStaticResourceResponse {
public function renderHTMLFooter() { public function renderHTMLFooter() {
$data = array(); $data = array();
if ($this->metadata) { if ($this->metadata) {
$json_metadata = json_encode($this->metadata); $json_metadata = AphrontResponse::encodeJSONForHTTPResponse(
$this->metadata);
$this->metadata = array(); $this->metadata = array();
} else { } else {
$json_metadata = '{}'; $json_metadata = '{}';
@ -164,7 +165,9 @@ final class CelerityStaticResourceResponse {
if (!$group) { if (!$group) {
continue; continue;
} }
$onload[] = 'JX.initBehaviors('.json_encode($group).')'; $group_json = AphrontResponse::encodeJSONForHTTPResponse(
$group);
$onload[] = 'JX.initBehaviors('.$group_json.')';
} }
} }