I've elected to omit escaping the output of Marshalers for now.
I haven't thought through the implications of that;
I suspect that double escaping might be the undoing of that idea.
Fixes #3127.
R=golang-dev, r
CC=golang-dev
https://golang.org/cl/
5694098
Old: "*des.TripleDESCipher",
New: "cipher.Block",
},
+ {
+ OldImport: "encoding/json",
+ NewImport: "",
+ Old: "json.MarshalForHTML",
+ New: "json.Marshal",
+ },
{
OldImport: "net/url",
NewImport: "",
import (
"crypto/aes"
"crypto/des"
+ "encoding/json"
"net/url"
"os"
"runtime"
_ *aes.Cipher
_ *des.Cipher
_ *des.TripleDESCipher
+ _ = json.MarshalForHTML
_ = aes.New()
_ = url.Parse
_ = url.ParseWithReference
import (
"crypto/aes"
"crypto/cipher"
+ "encoding/json"
"net/url"
"runtime"
"syscall"
_ cipher.Block
_ cipher.Block
_ cipher.Block
+ _ = json.Marshal
_ = aes.New()
_ = url.Parse
_ = url.Parse
}
}
-func TestHTMLEscape(t *testing.T) {
- b, err := MarshalForHTML("foobarbaz<>&quux")
- if err != nil {
- t.Fatalf("MarshalForHTML error: %v", err)
- }
- if !bytes.Equal(b, []byte(`"foobarbaz\u003c\u003e\u0026quux"`)) {
- t.Fatalf("Unexpected encoding of \"<>&\": %s", b)
- }
-}
-
// WrongString is a struct that's misusing the ,string modifier.
type WrongString struct {
Message string `json:"result,string"`
return buf.Bytes(), nil
}
-// MarshalForHTML is like Marshal but applies HTMLEscape to the output.
-func MarshalForHTML(v interface{}) ([]byte, error) {
- b, err := Marshal(v)
- if err != nil {
- return nil, err
- }
- var buf bytes.Buffer
- HTMLEscape(&buf, b)
- return buf.Bytes(), nil
-}
-
// HTMLEscape appends to dst the JSON-encoded src with <, >, and &
// characters inside string literals changed to \u003c, \u003e, \u0026
// so that the JSON will be safe to embed inside HTML <script> tags.