Skip to content

[java] Reject unescaped control characters in JSON strings#17740

Merged
shs96c merged 1 commit into
SeleniumHQ:trunkfrom
shs96c:shs-json-reject-control-chars
Jul 2, 2026
Merged

[java] Reject unescaped control characters in JSON strings#17740
shs96c merged 1 commit into
SeleniumHQ:trunkfrom
shs96c:shs-json-reject-control-chars

Conversation

@shs96c

@shs96c shs96c commented Jul 2, 2026

Copy link
Copy Markdown
Member

RFC 8259 §7 requires characters U+0000..U+001F to be escaped inside JSON strings. readString() previously appended them silently, so a literal newline / tab / etc. between quotes was accepted.

We readString()'s default branch we now throw a JsonException when the character is below U+0020. Escapes (\n, \t, , ...) continue to work.

@selenium-ci selenium-ci added the C-java Java Bindings label Jul 2, 2026
RFC 8259 §7 requires characters U+0000..U+001F to be escaped inside
JSON strings. readString() previously appended them silently, so
inputs containing a literal newline / tab / etc. inside quotes were
accepted.
@shs96c shs96c force-pushed the shs-json-reject-control-chars branch from 857084c to fec8010 Compare July 2, 2026 12:47
@shs96c shs96c marked this pull request as ready for review July 2, 2026 13:12
@qodo-code-review

Copy link
Copy Markdown
Contributor

Qodo is busy working

Check back in a few minutes. Qodo's code review agents are on it.

Grey Divider

@shs96c shs96c merged commit d037099 into SeleniumHQ:trunk Jul 2, 2026
19 of 20 checks passed
@shs96c shs96c deleted the shs-json-reject-control-chars branch July 2, 2026 16:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

C-java Java Bindings

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants