Fix JSON encoding of PhutilSafeHTML for browser consumption
Summary: If you run this code: json_encode(array('tag' => phutil_tag('div', array()))); ...you get this result, because json_encode() does not call toString() on objects: {"tag":{}} Instead, convert such objects to their underlying strings. Javelin has support for JX.HTML and for implicit conversion (which is kind of sketchy for other reasons) but it's sort of complicated (only happens on Ajax, not behaviors) and messy (not metadata-based), so ignore it for now. We'll need to do something similar for serialization to the database. My plan there is just to throw on any objects. The only time we put HTML in the database is cache-related and that tiny number of callsites can manually handle it. Test Plan: Various ajax things now receive the correct data. Reviewers: vrana Reviewed By: vrana CC: aran Maniphest Tasks: T2432 Differential Revision: https://secure.phabricator.com/D4684
parent
47f2df5f51
commit
fc4cb57357
3 changed files with 31 additions and 3 deletions
11
externals/javelinjs/src/lib/DOM.js
vendored
11
externals/javelinjs/src/lib/DOM.js
vendored
|
@ -87,7 +87,18 @@ JX.$ = function(id) {
|
||||||
JX.install('HTML', {
|
JX.install('HTML', {
|
||||||
|
|
||||||
construct : function(str) {
|
construct : function(str) {
|
||||||
|
if (str instanceof JX.HTML) {
|
||||||
|
this._content = str._content;
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
if (__DEV__) {
|
if (__DEV__) {
|
||||||
|
if ((typeof str !== 'string') && (!str || !str.match)) {
|
||||||
|
JX.$E(
|
||||||
|
'new JX.HTML(<empty?>): ' +
|
||||||
|
'call initializes an HTML object with an empty value.');
|
||||||
|
}
|
||||||
|
|
||||||
var tags = ['legend', 'thead', 'tbody', 'tfoot', 'column', 'colgroup',
|
var tags = ['legend', 'thead', 'tbody', 'tfoot', 'column', 'colgroup',
|
||||||
'caption', 'tr', 'th', 'td', 'option'];
|
'caption', 'tr', 'th', 'td', 'option'];
|
||||||
var evil_stuff = new RegExp('^\\s*<(' + tags.join('|') + ')\\b', 'i');
|
var evil_stuff = new RegExp('^\\s*<(' + tags.join('|') + ')\\b', 'i');
|
||||||
|
|
|
@ -54,7 +54,21 @@ abstract class AphrontResponse {
|
||||||
return $this;
|
return $this;
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function encodeJSONForHTTPResponse(array $object) {
|
public static function processValueForJSONEncoding(&$value, $key) {
|
||||||
|
if ($value instanceof PhutilSafeHTML) {
|
||||||
|
// TODO: Javelin supports implicity conversion of '__html' objects to
|
||||||
|
// JX.HTML, but only for Ajax responses, not behaviors. Just leave things
|
||||||
|
// as they are for now (where behaviors treat responses as HTML or plain
|
||||||
|
// text at their discretion).
|
||||||
|
$value = $value->getHTMLContent();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public static function encodeJSONForHTTPResponse(array $object) {
|
||||||
|
|
||||||
|
array_walk_recursive(
|
||||||
|
$object,
|
||||||
|
array('AphrontResponse', 'processValueForJSONEncoding'));
|
||||||
|
|
||||||
$response = json_encode($object);
|
$response = json_encode($object);
|
||||||
|
|
||||||
|
|
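Review bot: `processValueForJSONEncoding()` unwraps only `PhutilSafeHTML`, so any other object in the payload still reaches `json_encode()` and is serialized from its public properties (usually `{}`) without an error, which is the same silent loss the summary describes. Consider failing loudly on unexpected objects, e.g. `} else if (is_object($value)) { throw new Exception('Unexpected object in JSON response.'); }`, unless plain objects are encoded here on purpose. The unwrapped value also loses its safe-HTML marker, so the client receives trusted markup and plain text as indistinguishable strings; a docblock on this method should say so, and should note that `$key` is unused and present only for the `array_walk_recursive()` callback signature. The comment's "implicity" should read "implicit". The rest of `encodeJSONForHTTPResponse()` lies outside the hunk.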
|
@ -128,7 +128,8 @@ final class CelerityStaticResourceResponse {
|
||||||
public function renderHTMLFooter() {
|
public function renderHTMLFooter() {
|
||||||
$data = array();
|
$data = array();
|
||||||
if ($this->metadata) {
|
if ($this->metadata) {
|
||||||
$json_metadata = json_encode($this->metadata);
|
$json_metadata = AphrontResponse::encodeJSONForHTTPResponse(
|
||||||
|
$this->metadata);
|
||||||
$this->metadata = array();
|
$this->metadata = array();
|
||||||
} else {
|
} else {
|
||||||
$json_metadata = '{}';
|
$json_metadata = '{}';
|
||||||
|
@ -164,7 +165,9 @@ final class CelerityStaticResourceResponse {
|
||||||
if (!$group) {
|
if (!$group) {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
$onload[] = 'JX.initBehaviors('.json_encode($group).')';
|
$group_json = AphrontResponse::encodeJSONForHTTPResponse(
|
||||||
|
$group);
|
||||||
|
$onload[] = 'JX.initBehaviors('.$group_json.')';
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
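Review bot: `$json_metadata` and `$group_json` are concatenated into JavaScript source (`'JX.initBehaviors('.$group_json.')'`), and after this change they can carry raw markup unwrapped from `PhutilSafeHTML` values, so the safety of the output now depends on how `encodeJSONForHTTPResponse()` treats `<`, `>` and `&`. Its body past `json_encode($object)` is not visible on this page; confirm it escapes those characters (or pass `JSON_HEX_TAG | JSON_HEX_AMP` to `json_encode()` if the supported PHP versions allow it), so that markup inside a value cannot change how the HTML parser reads the surrounding script block, presumably an inline `<script>`, which the hunks do not show. A short comment at both call sites, such as `// Encoded for embedding in inline script; values may contain HTML.`, would record why the plain `json_encode()` call was replaced. Both hunks in this file share the point, and `renderHTMLFooter()` starts and ends outside them.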