[asp.net] ScriptResourceHandler must correctly encode script literals.

2017cfd6 · Marek Habersack · d38b8f4e · 2017cfd6
隐藏空白更改
内联并排

Showing with 38 addition and 6 deletion

mcs/class/System.Web.Extensions/System.Web.Handlers/ScriptResourceHandler.cs ...b.Extensions/System.Web.Handlers/ScriptResourceHandler.cs +38 -6

未找到文件。
--- a/mcs/class/System.Web.Extensions/System.Web.Handlers/ScriptResourceHandler.cs
+++ b/mcs/class/System.Web.Extensions/System.Web.Handlers/ScriptResourceHandler.cs
@@ -51,12 +51,44 @@ namespace System.Web.Handlers

 		#endregion

-		// TODO: optimize
-		static string GetScriptStringLiteral (string value) {
-			string s = value;
-			s = s.Replace ("\\", "\\\\");
-			s = s.Replace ("\"", "\\\"");
-			return "\"" + s + "\"";
+		// TODO: add value cache?
+		static string GetScriptStringLiteral (string value)
+		{
+			if (String.IsNullOrEmpty (value))
+				return "\"" + value + "\"";
+			
+			var sb = new StringBuilder ("\"");
+			for (int i = 0; i < value.Length; i++) {
+				char ch = value [i];
+				switch (ch) {
+					case '\'':
+						sb.Append ("\\u0027");
+						break;
+
+					case '"':
+						sb.Append ("\\\"");
+						break;
+
+					case '\\':
+						sb.Append ("\\\\");
+						break;
+
+					case '\n':
+						sb.Append ("\\n");
+						break;
+
+					case '\r':
+						sb.Append ("\\r");
+						break;
+
+					default:
+						sb.Append (ch);
+						break;
+				}
+			}
+			sb.Append ("\"");
+			
+			return sb.ToString ();
 		}

 		class ResourceKey