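--- a/java/src/org/openqa/selenium/json/JsonInput.java
+++ b/java/src/org/openqa/selenium/json/JsonInput.java
@@ -585,6 +585,12 @@ private String readString() {
 readEscape(builder);
 break;
 default:
+// RFC 8259 §7: characters U+0000..U+001F MUST be escaped.
+if (c < 0x20) {
+throw new JsonException(
+String.format(
+"Illegal unescaped control character U+%04X in string. %s", c, input));
+}
 builder.append((char) c);
 }
 }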
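Review bot: The new exception message in the `default:` branch appends `input` through `%s`, and this branch runs exactly when the document contains a raw control character, so whatever `input`'s string form renders ends up in exception text and any log that records it. That `toString()` is not visible in this hunk; if it echoes a window of the raw document, the rejected character (a bare newline, for instance) and neighbouring payload content would be written out unescaped. It is worth confirming that the rendering is bounded and escapes control characters, and once confirmed recording it beside the check, e.g. `// input's string form is bounded and escapes control characters`. readString() starts and ends outside the hunk, so the cases above `default:` are not reviewed here.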
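--- a/java/test/org/openqa/selenium/json/JsonInputTest.java
+++ b/java/test/org/openqa/selenium/json/JsonInputTest.java
@@ -309,6 +309,22 @@ void shouldReadU_FFFF_AsALiteralCharacterAndNotEndOfInput() {
 }
 }
 
+@Test
+void shouldRejectUnescapedControlCharactersInStrings() {
+// RFC 8259 §7: characters U+0000..U+001F MUST be escaped in JSON strings.
+// A literal newline / tab / etc. inside quotes is not valid JSON.
+try (JsonInput input = newInput("\"a\nb\"")) {
+assertThatExceptionOfType(JsonException.class)
+.isThrownBy(input::nextString)
+.withMessageStartingWith("Illegal unescaped control character");
+}
+
+// Escaped equivalents are still fine.
+try (JsonInput input = newInput("\"a\\nb\"")) {
+assertThat(input.nextString()).isEqualTo("a\nb");
+}
+}
+
 @Test
 void nullInputsShouldCoerceAsNullValues() throws IOException {
 try (InputStream is = new ByteArrayInputStream(new byte[0]);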
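Review bot: shouldRejectUnescapedControlCharactersInStrings pins only U+000A, so the edges of the `c < 0x20` check are untested: nothing asserts that U+0000 and U+001F are rejected, or that U+0020 is still accepted. An off-by-one in the comparison (`<=` or `0x1F`) would pass this test unchanged. Adding a rejecting case such as `newInput("\"a" + (char) 0x1F + "b\"")` and an accepting case `newInput("\"a b\"")` that returns `a b` would fix the boundary in place. The comment mentions tab as well, but no tab input is exercised.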