
D13787.id33301.diff

diff --git a/src/parser/PhutilJSON.php b/src/parser/PhutilJSON.php
--- a/src/parser/PhutilJSON.php
+++ b/src/parser/PhutilJSON.php
@@ -24,6 +24,17 @@
}
+ /**
+ * Encode a list in JSON and pretty-print it, discarding keys.
+ *
+ * @param list<wild> List to encode in JSON.
+ * @return string Pretty-printed list representation.
+ */
+ public function encodeAsList(array $list) {
+ return $this->encodeFormattedArray($list, 0)."\n";
+ }
+
+
/* -( Internals )---------------------------------------------------------- */
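Review bot: The docblock on the new `encodeAsList()` promises that keys are discarded, but the body hands `$list` to `encodeFormattedArray()` unchanged, so what a string-keyed or sparse array produces depends on that helper, which is outside this hunk. If the contract really is "encode the values as a JSON list", `return $this->encodeFormattedArray(array_values($list), 0)."\n";` makes that true for any input rather than relying on the helper's iteration behaviour. I would also extend the docblock to say the result is a human-readable rendering (this class disables slash escaping when pretty-printing) and is not safe to embed in HTML or an inline `<script>` without further escaping, so the public API carries the caveat that the internal comment states.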
@@ -113,7 +124,15 @@
return $this->encodeFormattedObject($value, $depth);
}
} else {
- return json_encode($value);
+ if (defined('JSON_UNESCAPED_SLASHES')) {
+ // If we have a new enough version of PHP, disable escaping of slashes
+ // when pretty-printing values. Escaping slashes can defuse an attack
+ // where the attacker embeds "</script>" inside a JSON string, but that
+ // isn't relevant when rendering JSON for human viewers.
+ return json_encode($value, JSON_UNESCAPED_SLASHES);
+ } else {
+ return json_encode($value);
+ }
}
}
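Review bot: The comment on the new `JSON_UNESCAPED_SLASHES` branch argues the `</script>` concern "isn't relevant when rendering JSON for human viewers", but nothing in the method enforces that the output only ever lands in a text context; if any caller interpolates the pretty-printed value into an inline `<script>` block, a string containing `</script>` now terminates the script where the default escaping would have neutralised it. I would state that as a contract rather than a remark, e.g. `// NOTE: this output is for display only; never embed it in an inline <script> or other HTML context without escaping.`, so the next maintainer does not reuse the pretty-printer for a page payload. Separately, `json_encode()` returns `false` on failure (for instance invalid UTF-8 in a string), and string concatenation in the surrounding pretty-printer presumably turns that into an empty field silently; checking the return value and throwing would surface the bad input instead. The enclosing method begins before this hunk.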
