-
Notifications
You must be signed in to change notification settings - Fork 2.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
JSONPointer should not process reverse solidus or double-quote chars in tokens #588
JSONPointer should not process reverse solidus or double-quote chars in tokens #588
Conversation
…kslashes (\) and quotes(") as anything special
What problem does this code solve? Risks Changes to the API? Will this require a new release? Should the documentation be updated? Does it break the unit tests? Was any code refactored in this commit? Review status |
@erosb @jimblackler @johnjaylward Please comment if you have any thoughts or concerns. |
Section 5 of the RFC states: https://tools.ietf.org/html/rfc6901#section-5
So, I take this to mean that the current implementation may be correct. See the continuation of section 5 for a test document and test cases. |
@fossterer , can you add an explicit test case that matches the ones in the RFC? Given the document here: https://github.com/stleary/JSON-java/blob/master/src/test/resources/jsonpointer-testdoc.json (which I believe matches the RFC at a glance)
And this one (because GitHub doesn't like the
The paths are expressed as JSON strings, not Java strings. so |
Update my previous comment. Also @fossterer, if some of these test cases already exist, can you confirm that they are working as expected? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OK, after reading through the comments by @jimblackler in #563 and re-reading the RFC section 5 a few times, I'm reaching the conclusion that the escape
and unescape
functions in JSONPointer
are wrong, and this PR corrects them.
Test cases like this one:
@Test
public void quotationEscaping() {
assertSame(document.get("k\"l"), query("/k\\\\\\\"l"));
}
are essentially double escaping the "query" string. The RFC states that the query only needs to be escaped when stored as JSON. For the purpose of the test, the query is not a JSON String and is instead a Java String, and should not have the escaping applied.
The above test should be changed to (as provided in this PR):
@Test
public void quotationEscaping() {
assertSame(document.get("k\"l"), query("/k\"l"));
}
As such, I'm giving my stamp of approval for this PR and I believe it matches the "the bug is worse than the fix" requirement.
@stleary can we try to get this in the next release too? @jimblackler has been waiting on it for a while now. |
We can include it in the release at the end of this week. I would still like to give @erosb a few more days to respond, as he is the original JSONPointer author. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agreed, based on section 3 and 5 of RFC 6901, this is the correct behavior. Thanks for the fix.
Merging the code but someone needs to complete the unit tests per the comments in this PR, before the next release. |
@stleary All the tests indicated by @johnjaylward exist already in the test suite! Reading from the highlighted line you can spot all the |
Thanks for taking the time to double check. |
Thanks for pointing this out, I will confirm. |
Some of the tests exist, some do not. Most of the tests do not clearly call out the expected result. For example, if both document.get() and query() return the same incorrect result, the test will not catch it. Will open an issue to track this to completion. |
backslashes(\) and quotes(") are not to be treated any special by JSONPointer