expvar: Ensure strings are written as valid JSON.

Change-Id: I5147dbf4e85cf42cd1f32c57861e4c16d9dbd049
Reviewed-on: https://go-review.googlesource.com/21529
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Andrew Gerrand <adg@golang.org>

diff --git a/src/expvar/expvar.go b/src/expvar/expvar.go
index 1ec85006b4de92cf82096098fb236e68d0595988..b7ea433014b9dcd43cca532de22890e8ab72041d 100644 (file)
--- a/src/expvar/expvar.go
+++ b/src/expvar/expvar.go
@@ -219,8 +219,10 @@ type String struct {
 
 func (v *String) String() string {
        v.mu.RLock()
-       defer v.mu.RUnlock()
-       return strconv.Quote(v.s)
+       s := v.s
+       v.mu.RUnlock()
+       b, _ := json.Marshal(s)
+       return string(b)
 }
 
 func (v *String) Set(value string) {

diff --git a/src/expvar/expvar_test.go b/src/expvar/expvar_test.go
index 385fea81adbba98fa8467a716b1c19e8dc933dd0..7b1c9dfc4f872476b5ee7dfb76d909dc26172c53 100644 (file)
--- a/src/expvar/expvar_test.go
+++ b/src/expvar/expvar_test.go
@@ -142,8 +142,14 @@ func TestString(t *testing.T) {
                t.Errorf("name.s = %q, want \"Mike\"", name.s)
        }
 
-       if s := name.String(); s != "\"Mike\"" {
-               t.Errorf("reqs.String() = %q, want \"\"Mike\"\"", s)
+       if s, want := name.String(), `"Mike"`; s != want {
+               t.Errorf("from %q, name.String() = %q, want %q", name.s, s, want)
+       }
+
+       // Make sure we produce safe JSON output.
+       name.Set(`<`)
+       if s, want := name.String(), "\"\\u003c\""; s != want {
+               t.Errorf("from %q, name.String() = %q, want %q", name.s, s, want)
        }
 }