From 4a85237faf0aa04ef603ed2ec599b9508eb0917f Mon Sep 17 00:00:00 2001 From: sunxingbo Date: Tue, 20 Jul 2021 22:38:37 +0800 Subject: [PATCH 1/5] fix json marshal in http request --- client/httplib/httplib.go | 19 ++++++++++++++++++- client/httplib/httplib_test.go | 11 +++++++++++ client/httplib/setting.go | 2 ++ 3 files changed, 31 insertions(+), 1 deletion(-) diff --git a/client/httplib/httplib.go b/client/httplib/httplib.go index ca643b33..34ddd1da 100644 --- a/client/httplib/httplib.go +++ b/client/httplib/httplib.go @@ -258,6 +258,12 @@ func (b *BeegoHTTPRequest) AddFilters(fcs ...FilterChain) *BeegoHTTPRequest { return b } +// SetEscapeHTML is used to set the flag whether escape HTML special characters during processing +func (b *BeegoHTTPRequest) SetEscapeHTML(isEscape bool) *BeegoHTTPRequest { + b.setting.EscapeHTML = isEscape + return b +} + // Param adds query param in to request. // params build query string as ?key1=value1&key2=value2... func (b *BeegoHTTPRequest) Param(key, value string) *BeegoHTTPRequest { @@ -334,7 +340,7 @@ func (b *BeegoHTTPRequest) YAMLBody(obj interface{}) (*BeegoHTTPRequest, error) // JSONBody adds the request raw body encoded in JSON. func (b *BeegoHTTPRequest) JSONBody(obj interface{}) (*BeegoHTTPRequest, error) { if b.req.Body == nil && obj != nil { - byts, err := json.Marshal(obj) + byts, err := b.Marshal(obj) if err != nil { return b, berror.Wrap(err, InvalidJSONBody, "obj could not be converted to JSON body") } @@ -345,6 +351,17 @@ func (b *BeegoHTTPRequest) JSONBody(obj interface{}) (*BeegoHTTPRequest, error) return b, nil } +func (b *BeegoHTTPRequest) Marshal(obj interface{}) ([]byte, error) { + bf := bytes.NewBuffer([]byte{}) + jsonEncoder := json.NewEncoder(bf) + jsonEncoder.SetEscapeHTML(b.setting.EscapeHTML) + err := jsonEncoder.Encode(obj) + if err != nil { + return nil, err + } + return bf.Bytes(), nil +} + func (b *BeegoHTTPRequest) buildURL(paramBody string) { // build GET url with query string if b.req.Method == "GET" && len(paramBody) > 0 { diff --git a/client/httplib/httplib_test.go b/client/httplib/httplib_test.go index 2210b646..1f30a778 100644 --- a/client/httplib/httplib_test.go +++ b/client/httplib/httplib_test.go @@ -18,6 +18,7 @@ import ( "bytes" "context" "errors" + "fmt" "io/ioutil" "net" "net/http" @@ -435,3 +436,13 @@ func TestBeegoHTTPRequestXMLBody(t *testing.T) { // TODO func TestBeegoHTTPRequestResponseForValue(t *testing.T) { } + +func TestBeegoHTTPRequestMarshal(t *testing.T) { + req := Post("http://beego.me") + req.SetEscapeHTML(false) + body := map[string]interface{} { + "escape": "left&right", + } + b, _ := req.Marshal(body) + assert.Equal(t,fmt.Sprintf(`{"escape":"left&right"}%s`, "\n"), string(b)) +} diff --git a/client/httplib/setting.go b/client/httplib/setting.go index fa034413..3d8d195c 100644 --- a/client/httplib/setting.go +++ b/client/httplib/setting.go @@ -37,6 +37,7 @@ type BeegoHTTPSettings struct { Retries int // if set to -1 means will retry forever RetryDelay time.Duration FilterChains []FilterChain + EscapeHTML bool // if set to false means will not escape escape HTML special characters during processing, default true } // createDefaultCookie creates a global cookiejar to store cookies. @@ -66,6 +67,7 @@ var defaultSetting = BeegoHTTPSettings{ ReadWriteTimeout: 60 * time.Second, Gzip: true, FilterChains: make([]FilterChain, 0, 4), + EscapeHTML: true, } var ( From efd710a6523cf9e18d1fc4aac4d1caeeba4f8658 Mon Sep 17 00:00:00 2001 From: Sun XingBo Date: Thu, 22 Jul 2021 13:07:17 +0800 Subject: [PATCH 2/5] rename Marshal to JSONMarshal --- client/httplib/httplib.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/client/httplib/httplib.go b/client/httplib/httplib.go index 34ddd1da..5be4598b 100644 --- a/client/httplib/httplib.go +++ b/client/httplib/httplib.go @@ -340,7 +340,7 @@ func (b *BeegoHTTPRequest) YAMLBody(obj interface{}) (*BeegoHTTPRequest, error) // JSONBody adds the request raw body encoded in JSON. func (b *BeegoHTTPRequest) JSONBody(obj interface{}) (*BeegoHTTPRequest, error) { if b.req.Body == nil && obj != nil { - byts, err := b.Marshal(obj) + byts, err := b.JSONMarshal(obj) if err != nil { return b, berror.Wrap(err, InvalidJSONBody, "obj could not be converted to JSON body") } @@ -351,7 +351,7 @@ func (b *BeegoHTTPRequest) JSONBody(obj interface{}) (*BeegoHTTPRequest, error) return b, nil } -func (b *BeegoHTTPRequest) Marshal(obj interface{}) ([]byte, error) { +func (b *BeegoHTTPRequest) JSONMarshal(obj interface{}) ([]byte, error) { bf := bytes.NewBuffer([]byte{}) jsonEncoder := json.NewEncoder(bf) jsonEncoder.SetEscapeHTML(b.setting.EscapeHTML) From d6f939ac0992af0c4a9ef9ca5231c74fc667b331 Mon Sep 17 00:00:00 2001 From: Sun XingBo Date: Thu, 22 Jul 2021 13:14:01 +0800 Subject: [PATCH 3/5] Modify the call of JSONMarshal in the unit test --- client/httplib/httplib_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/client/httplib/httplib_test.go b/client/httplib/httplib_test.go index 1f30a778..58e5a994 100644 --- a/client/httplib/httplib_test.go +++ b/client/httplib/httplib_test.go @@ -437,12 +437,12 @@ func TestBeegoHTTPRequestXMLBody(t *testing.T) { func TestBeegoHTTPRequestResponseForValue(t *testing.T) { } -func TestBeegoHTTPRequestMarshal(t *testing.T) { +func TestBeegoHTTPRequestJSONMarshal(t *testing.T) { req := Post("http://beego.me") req.SetEscapeHTML(false) body := map[string]interface{} { "escape": "left&right", } - b, _ := req.Marshal(body) + b, _ := req.JSONMarshal(body) assert.Equal(t,fmt.Sprintf(`{"escape":"left&right"}%s`, "\n"), string(b)) } From 14aeb4880fa7589da5a2902a8a0068abfcaf3a6d Mon Sep 17 00:00:00 2001 From: sunxingbo Date: Thu, 22 Jul 2021 14:15:31 +0800 Subject: [PATCH 4/5] format the JSONMarshal unit test --- client/httplib/httplib_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/client/httplib/httplib_test.go b/client/httplib/httplib_test.go index 58e5a994..471be02c 100644 --- a/client/httplib/httplib_test.go +++ b/client/httplib/httplib_test.go @@ -440,9 +440,9 @@ func TestBeegoHTTPRequestResponseForValue(t *testing.T) { func TestBeegoHTTPRequestJSONMarshal(t *testing.T) { req := Post("http://beego.me") req.SetEscapeHTML(false) - body := map[string]interface{} { + body := map[string]interface{}{ "escape": "left&right", } b, _ := req.JSONMarshal(body) - assert.Equal(t,fmt.Sprintf(`{"escape":"left&right"}%s`, "\n"), string(b)) + assert.Equal(t, fmt.Sprintf(`{"escape":"left&right"}%s`, "\n"), string(b)) } From 959adb5f0b7572f57a9b1d56c1662c1976d8eef9 Mon Sep 17 00:00:00 2001 From: sunxingbo Date: Thu, 22 Jul 2021 17:01:57 +0800 Subject: [PATCH 5/5] add a CHANGELOG entry for pull request 4701 --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index e0a07cfb..107eabb3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,6 @@ # developing +- Add a custom option for whether to escape HTML special characters when processing http request parameters. [4701](https://github.com/beego/beego/pull/4701) - Always set the response status in the CustomAbort function. [4686](https://github.com/beego/beego/pull/4686) - Add template functions eq,lt to support uint and int compare. [4607](https://github.com/beego/beego/pull/4607) - Migrate tests to GitHub Actions. [4663](https://github.com/beego/beego/issues/4663)