tracker issue : CF-4136028

select a category, or use search below
(searches all categories and all time range)

serializeJSON() doesn't escape control characters

| View in Tracker

Status/Resolution/Reason: Closed/Fixed/

Reporter/Name(from Bugbase): Bradley Wood / Bradley Wood (Bradley Wood)

Created: 04/05/2016

Components: Serialization

Versions: 10.0

Failure Type: Data Corruption

Found In Build/Fixed In Build: CF2016_Final /

Priority/Frequency: Normal / All users will encounter

Locale/System: English / Windows 7 SP1 64-bit

Vote Count: 8

Listed in the version 2016.0.03.300466 Issues Fixed doc
As reported by Sean Corfield in CFML Slack

Problem Description:
serializeJSON() doesn't escape control characters

Steps to Reproduce:

writedump(serializeJSON("I don" & chr(18) & "t know!"));

Actual Result:

"I dont know!"

Expected Result:

"I don\u0012t know!"

Any Workarounds:

Use another serializer.

----------------------------- Additional Watson Details -----------------------------

Watson Bug ID:	4136028

External Customer Info:
External Company:  
External Customer Name: Bradley Wood
External Customer Email:  
External Test Config: My Hardware and Environment details:



This additional information: ASCII values 0x00-0x1F and 0x7F should be encoded as "\u00nn"
Comment by External U.
3139 | April 05, 2016 10:37:55 PM GMT
Same ticket for Lucee Server:
Comment by External U.
3140 | April 05, 2016 10:39:48 PM GMT
If you're relying on serializeJSON() to send data to an iOS app, this will break the app since it won't accept invalid JSON (and having control characters in JSON is *invalid* per spec!).
Vote by External U.
3142 | April 05, 2016 10:40:08 PM GMT
Getting JSON right is the most important thing.
Vote by External U.
3143 | April 06, 2016 11:35:22 AM GMT
I agree that a top priority should be the ability to output json correctly.
Vote by External U.
3144 | April 06, 2016 12:30:21 PM GMT
JSON, JSON, my kingdom for some working JSON!!!
Vote by External U.
3145 | April 06, 2016 01:29:06 PM GMT
Need to be fixed. Json clean serilisation is important. Break a lot of stuff
Vote by External U.
3146 | April 07, 2016 07:42:18 AM GMT
+1 - Of course it should be fixed.
Vote by External U.
3147 | April 20, 2016 02:47:41 AM GMT
Fix this now, please
Vote by External U.
3148 | May 09, 2016 09:43:02 PM GMT
Escaping control characters (0x00-0x1F & 0x7F) with its unicode sequences (\u00nn) except few special characters in this character space which are already getting escaped. \b Backspace (ascii code 08) \f Form feed (ascii code 0C) \n New line (0A) \r Carriage return (0D) \t Tab (09) Thanks, Pavan.
Comment by S V.
3141 | August 25, 2016 02:37:13 AM GMT