[x3d-public] flaw in CDATACreateFunction in X3DJSONLD (from Andreas Plesch)

Andreas Plesch andreasplesch at gmail.com
Tue Feb 28 06:46:04 PST 2017 

A quick experiment on the firefox console:

> str = "A" + "\n" + "B";
< "A
B"
> str[0]
< "A"
> str[1]
< "
"

perhaps expected that unquoted escaped newline gets unescaped during
concatenation.

Here with quoted escaped newline:

> str = "A" + "'\n'" + "B";
< "A'
'B"
> str[1]
< "'"
> str[2]
< "
"

Perhaps unexpected that the quoted escaped newline still gets unescaped
during concatenation.

So the culprit seems to be string parsing in javascript, and not
necessarily DOMParser.

It therefore seems correct and necessary to escape also the back slash to
prevent js parsing as you are doing now: \\n

-Andreas

PS: Does MS Windows require the return character \r in addition to \n for
some system functions ? If not, it may be better to never generate the \r
character during any conversion (and perhaps globally strip it right after
reading input).



On Tue, Feb 28, 2017 at 3:08 AM, John Carlson <yottzumm at gmail.com> wrote:

> I may throw a few more \\ in for good measure.  Idk.
>
> On Feb 27, 2017 9:09 PM, <yottzumm at gmail.com> wrote:
>
>> I was wrong.  It was in my serverside code.  So now, the serverside code
>> looks like this:
>>
>>
>>
>>         X3DJSONLD.setCDATACreateFunction(function(document, element,
>> str) {
>>
>>                 // for script nodes
>>
>>                 var child = document.createCDATASection(str.replace(/\n'/g,
>> "\\n'"));
>>
>>                 element.appendChild(child);
>>
>>         });
>>
>>
>>
>> FYI for those creating CDATA sections from JSON on the serverside.
>>
>>
>>
>> John
>>
>>
>>
>> Sent from Mail <https://go.microsoft.com/fwlink/?LinkId=550986> for
>> Windows 10
>>
>>
>>
>> *From: *yottzumm at gmail.com
>> *Sent: *Monday, February 27, 2017 8:46 PM
>> *To: *Andreas Plesch <andreasplesch at gmail.com>; X3D Graphics public
>> mailing list <x3d-public at web3d.org>
>> *Subject: *flaw in CDATACreateFunction in X3DJSONLD (from Andreas Plesch)
>>
>>
>>
>> function CDATACreateFunction(document, element, str) {
>>
>>         var domParser = new DOMParser();
>>
>>         var cdataStr = '<script> <![CDATA[ ' + str + ' ]]> </script>'; //
>> has to be wrapped into an element
>>
>>         var scriptDoc = domParser .parseFromString (cdataStr,
>> 'application/xml');
>>
>>         var cdata = scriptDoc .children[0] .childNodes[1]; // space after
>> script is childNode[0]
>>
>>         element .appendChild(cdata);
>>
>> }
>>
>>
>>
>> If calling CDATACreateFunction(document, element,
>> object[key].join("\r\n")+"\r\n");  like this, you may run into some
>> difficulty when the DOM gets written out to XML or perhaps placed in a web
>> page.  Namly, this:
>>
>>
>>
>> "#sourceText":[
>>
>> "ecmascript:",
>>
>> "function set_position (value)",
>>
>> "{",
>>
>> "\tholdPosition=value;",
>>
>> "}",
>>
>> "function set_rotation (value)",
>>
>> "{",
>>
>> "\tBrowser.print ('Internal position=' + holdPosition.toString() + ' ,
>> internal rotation=' + value.toString() + '\n');",
>>
>> "}"
>>
>> ]
>>
>>
>>
>> Gets translated into this in XML
>>
>>
>>
>> <![CDATA[ecmascript:
>>
>> function set_position (value)
>>
>> {
>>
>>         holdPosition=value;
>>
>> }
>>
>> function set_rotation (value)
>>
>> {
>>
>>         Browser.print ('Internal position=' + holdPosition.toString() + '
>> , internal rotation=' + value.toString() + '
>>
>> ');
>>
>> }
>>
>> ]]>
>>
>>
>>
>> Note that the \n got converted into a newline.
>>
>>
>>
>> I am working on this issue.
>>
>>
>>
>> John
>>
>>
>>
>>
>>
>


-- 
Andreas Plesch
39 Barbara Rd.
Waltham, MA 02453
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://web3d.org/pipermail/x3d-public_web3d.org/attachments/20170228/d30d9418/attachment-0001.html>

More information about the x3d-public mailing list