[x3d-public] flaw in CDATACreateFunction in X3DJSONLD (from Andreas Plesch)

Andreas Plesch andreasplesch at gmail.com
Tue Feb 28 14:24:25 PST 2017


Thanks for your input. So is there anything you would recommend with
respect to John's CDATACreateFunction (see thread) ?



On Tue, Feb 28, 2017 at 4:24 PM, Yves Piguet <yves.piguet at gmail.com> wrote:

> The single quote doesn't escape anything in JavaScript. String
> concatenation doesn't encode or decode anything. How Firefox and Chrome
> display strings in the console can be misleading (quoted stuff which looks
> remotely like string literal, but without escape sequences), but isn't
> important.
>
> Yves
>
> > On 28 Feb 2017, at 15:46, Andreas Plesch <andreasplesch at gmail.com>
> wrote:
> >
> > A quick experiment on the firefox console:
> >
> > > str = "A" + "\n" + "B";
> > < "A
> > B"
> > > str[0]
> > < "A"
> > > str[1]
> > < "
> > "
> >
> > perhaps expected that unquoted escaped newline gets unescaped during
> concatenation.
> >
> > Here with quoted escaped newline:
> >
> > > str = "A" + "'\n'" + "B";
> > < "A'
> > 'B"
> > > str[1]
> > < "'"
> > > str[2]
> > < "
> > "
> >
> > Perhaps unexpected that the quoted escaped newline still gets unescaped
> during concatenation.
> >
> > So the culprit seems to be string parsing in javascript, and not
> necessarily DOMParser.
> >
> > It therefore seems correct and necessary to escape also the back slash
> to prevent js parsing as you are doing now: \\n
> >
> > -Andreas
>
>
>


-- 
Andreas Plesch
39 Barbara Rd.
Waltham, MA 02453
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://web3d.org/pipermail/x3d-public_web3d.org/attachments/20170228/953b9016/attachment.html>


More information about the x3d-public mailing list