[x3d-public] flaw in CDATACreateFunction in X3DJSONLD (from Andreas Plesch)

Yves Piguet yves.piguet at gmail.com
Tue Feb 28 13:24:05 PST 2017


The single quote doesn't escape anything in JavaScript. String concatenation doesn't encode or decode anything. How Firefox and Chrome display strings in the console can be misleading (quoted stuff which looks remotely like string literal, but without escape sequences), but isn't important.

Yves

> On 28 Feb 2017, at 15:46, Andreas Plesch <andreasplesch at gmail.com> wrote:
> 
> A quick experiment on the firefox console:
> 
> > str = "A" + "\n" + "B";
> < "A
> B"
> > str[0]
> < "A"
> > str[1]
> < "
> "
> 
> perhaps expected that unquoted escaped newline gets unescaped during concatenation.
> 
> Here with quoted escaped newline:
> 
> > str = "A" + "'\n'" + "B";
> < "A'
> 'B"
> > str[1]
> < "'"
> > str[2]
> < "
> "
> 
> Perhaps unexpected that the quoted escaped newline still gets unescaped during concatenation.
> 
> So the culprit seems to be string parsing in javascript, and not necessarily DOMParser.
> 
> It therefore seems correct and necessary to escape also the back slash to prevent js parsing as you are doing now: \\n
> 
> -Andreas





More information about the x3d-public mailing list