Merge pull request +7693 from c9/fix/socket

Escape only invalid character sequences in reliable socket
2015-07-02 20:05:55 +02:00 · 2015-07-02 20:05:55 +02:00 · fed39e6811
commit fed39e6811
--- a/node_modules/connect-architect/connect.render.ejs/render-ejs.js
+++ b/node_modules/connect-architect/connect.render.ejs/render-ejs.js
@ -7,7 +7,7 @@ module.exports = function(options, imports, register) {
    imports["connect.render"].registerEngine("ejs", createView);
    
    ejs.filters.JSONToJS = function(obj, indent) {
-        return JSON.stringify(obj, null, indent).replace(/<\/?script|[\u2028\u2029]/ig, function(a) {
+        return JSON.stringify(obj, null, indent).replace(/<\/?script|[\u2028\u2029\ud800-\uDFFF\ufeff]/ig, function(a) {
            var h =  a.charCodeAt(0).toString(16);
            return (h.length == 2 ? "\\x" : "\\u") + h + a.substr(1);
        });
--- a/node_modules/kaefer/lib/reliable_socket.js
+++ b/node_modules/kaefer/lib/reliable_socket.js
@ -64,10 +64,22 @@ Object.defineProperty(ReliableSocket.prototype, "readyState", {
    }
 });

+function utf8escape(str) {
+    return str.replace(/[\ud799-\uDFFF]/g, function(x) {
+        return "\ud799" + String.fromCharCode(x.charCodeAt(0) - 0xd700);
+    });
+}
+
+function utf8unescape(str) {
+    return str.replace(/\ud799./g, function(x) {
+        return String.fromCharCode(x.charCodeAt(1) + 0xd700);
+    });
+}
+
 ReliableSocket.prototype.onMessage = function(msg) {
    if (typeof msg == "string") {
        try {
-            msg = JSON.parse(unescape(msg));
+            msg = JSON.parse(utf8unescape(msg));
        } catch(e) {}
    }
    this.debug && console.log("on message", msg, this.seq);
@ -228,7 +240,7 @@ ReliableSocket.prototype._cancelDelayedAck = function() {
 ReliableSocket.prototype._ack = function() {
    if (this.socket.readyState == "open") {
        this.debug && console.log("send ack", this.recId);
-        this.socket.send(encodeURI(JSON.stringify({
+        this.socket.send(utf8escape(JSON.stringify({
            ack: this.recId
        })));
    }
@ -324,7 +336,7 @@ ReliableSocket.prototype._sendMessage = function(data, type) {
                that._updateRetransmissionTimeout(Date.now() - msg.ts);
        },
        serialize: function() {
-            return escape(JSON.stringify({
+            return utf8escape(JSON.stringify({
                ack: that.recId,
                seq: msg.seq,
                d: data,
--- a/node_modules/kaefer/lib/version.js
+++ b/node_modules/kaefer/lib/version.js
@ -2,6 +2,6 @@ define(function(require, exports, module) {

 // on each backwards incompatible protocol change the version number must be
 // increased
-exports.protocol = 9;
+exports.protocol = 10;

 });