std/encoding/json: fix HTML escape handling

mertcandav · mertcandav · commit 315ed1fef2b8 · 2025-05-14T19:22:58.000+03:00
diff --git a/std/encoding/json/decode.jule b/std/encoding/json/decode.jule
@@ -785,7 +785,7 @@ impl jsonDecoder {
 //	Structs:
 //		Decode as JSON objects with only visible fields of struct.
 //
-//		The private and anonymous fields will be igored.
+//		The private and anonymous fields will be ignored.
 //		If the field is public, the field name will be used.
 //		If the field have a json tag, the json tag will be used even if field is private or anonymous.
 //		If the field have json tag but it is duplicate, the field will be ignored.
diff --git a/std/encoding/json/encode.jule b/std/encoding/json/encode.jule
@@ -245,14 +245,18 @@ impl jsonEncoder {
 					const match {
 					| i > 0:
 						self.buf.writeByte(',')
-					}
-					const match {
-					| i > 0 && useIndent:
-						self.total += self.depth * self.indent
-						self.buf.writeByte('\n')
+						const match {
+						| useIndent:
+							self.total += self.depth * self.indent
+							self.buf.writeByte('\n')
+						}
 					}
 					self.buf.writeStr("\"")
-					self.buf.writeStr(name)
+					if self.escapeHTML {
+						appendHTMLEscape(self.buf, unsafe::StrBytes(name))
+					} else {
+						self.buf.writeStr(name)
+					}
 					self.buf.writeStr("\":")
 					const fieldValue = vt.FieldByIndex(i)
 					comptime::TypeAlias(fieldType, fieldValue.Type())
@@ -276,7 +280,6 @@ impl jsonEncoder {
 	fn encodeMap[T, Flag](mut self, &t: T)! {
 		const tt = comptime::TypeOf(T)
 		const keyT = tt.Key()
-		const valT = tt.Value()
 		match keyT.Kind() {
 		| comptime::Str
 		| comptime::Int
@@ -298,7 +301,6 @@ impl jsonEncoder {
 			self.encodeNil()
 			ret
 		}
-		const quoted = keyT.Kind() == comptime::Str
 		const useIndent = comptime::TypeOf(Flag) == comptime::TypeOf(encodeIndent)
 		self.buf.writeByte('{')
 		const match {
@@ -308,7 +310,6 @@ impl jsonEncoder {
 			self.buf.writeByte('\n')
 		}
 		mut first := true
-		comptime::TypeAlias(keyType, tt.Key())
 		comptime::TypeAlias(valType, tt.Value())
 		for k, v in t {
 			if !first {
@@ -322,14 +323,8 @@ impl jsonEncoder {
 			// No need to check Flag. The key type cannot be/include
 			// indentation-sensitive type. Look at this function's
 			// implementation to see match-type conditions for the key type.
-			const match {
-			| quoted:
-				self.encode[keyType, Flag](k) else { error(error) }
-			|:
-				self.buf.writeByte('"')
-				self.encode[keyType, Flag](k) else { error(error) }
-				self.buf.writeByte('"')
-			}
+			key := resolveKeyName(k)
+			self.encodeStr(key)
 			self.buf.writeByte(':')
 			const match {
 			| useIndent:
@@ -528,7 +523,7 @@ fn encoder(): jsonEncoder {
 //	Structs:
 //		Encode as JSON objects with only visible fields of struct.
 //
-//		The private and anonymous fields will be igored.
+//		The private and anonymous fields will be ignored.
 //		If the field is public, the field name will be used.
 //		If the field have a json tag, the json tag will be used even if field is private or anonymous.
 //		If the field have json tag but it is duplicate, the field will be ignored.
@@ -662,4 +657,17 @@ fn isValidTag(s: str): bool {
 		}
 	}
 	ret true
+}
+
+fn resolveKeyName[T](k: T): str {
+	const t = comptime::TypeOf(T)
+	const match t.Kind() {
+	| comptime::Str:
+		ret str(k)
+	| comptime::Int | comptime::I8 | comptime::I16 | comptime::I32 | comptime::I64:
+		ret conv::FormatInt(i64(k), 10)
+	| comptime::Uintptr | comptime::Uint | comptime::U8 | comptime::U16 | comptime::U32 | comptime::U64:
+		ret conv::FormatUint(u64(k), 10)
+	}
+	panic("unexpected map key type")
 }
diff --git a/std/encoding/json/escape.jule b/std/encoding/json/escape.jule
@@ -21,4 +21,34 @@ fn isSafe(b: byte): bool {
 // tags ("<" and ">"), and the ampersand ("&").
 fn isHTMLSafe(b: byte): bool {
 	ret b != '"' && b != '&' && b != '<' && b != '>' && b != '\\' && b > 31
+}
+
+fn appendHTMLEscape(mut &dst: buffer, src: []byte) {
+	// The characters can only appear in string literals,
+	// so just scan the string one byte at a time.
+	mut start := 0
+	for i, c in src {
+		if c == '<' || c == '>' || c == '&' {
+			dst.write(src[start:i])
+			dst.writeByte('\\')
+			dst.writeByte('u')
+			dst.writeByte('0')
+			dst.writeByte('0')
+			dst.writeByte(hex[c>>4])
+			dst.writeByte(hex[c&0xF])
+			start = i + 1
+		}
+		// Convert U+2028 and U+2029 (E2 80 A8 and E2 80 A9).
+		if c == 0xE2 && i+2 < len(src) && src[i+1] == 0x80 && src[i+2]&^1 == 0xA8 {
+			dst.write(src[start:i])
+			dst.writeByte('\\')
+			dst.writeByte('u')
+			dst.writeByte('2')
+			dst.writeByte('0')
+			dst.writeByte('2')
+			dst.writeByte(hex[src[i+2]&0xF])
+			start = i + len("\u2029")
+		}
+	}
+	dst.write(src[start:])
 }
