From bda2061c9c65c137f78565df6820624e12bfb4b2 Mon Sep 17 00:00:00 2001 From: Jonathan Longman Date: Tue, 9 Nov 2021 09:05:08 -0500 Subject: [PATCH 1/3] test: add json parsing to tests for util --- test/util.js | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/test/util.js b/test/util.js index b0b6dac..b4ee12f 100644 --- a/test/util.js +++ b/test/util.js @@ -3,11 +3,25 @@ var mappingTemplate = require('../'); describe('$util', function() { describe('.escapeJavaScript()', function() { - it ('escapes as javascript string', function() { - var template = '$util.escapeJavaScript($input.path(\'$\'))'; - var result = mappingTemplate({template: template, payload: 'bo"dy'}); + var template = '$util.escapeJavaScript($input.path(\'$\'))'; + var result = mappingTemplate({template: template, payload: 'bo"dy'}); + it ('escapes as javascript string - simple - ${result}', function() { assert.equal(result, 'bo\"dy'); }); + var doc = `{"foo":"${result}"}`; + it (`escapes as javascript string - parse stringify doc - ${doc}`, function() { + // this truly tests whether it is embeddable + var p1 = JSON.parse(doc); // this will fail if not escaped properly + var s1 = JSON.stringify(p1); + assert.equal(s1, doc); + }); + it (`escapes as javascript string - stringify parse doc - ${doc}`, function() { + // this is tautological - it should work always + var s2 = JSON.stringify(doc); + var p2 = JSON.parse(s2); + assert.equal(p2, doc); + }); + }); describe('.urlEncode()', function() { it ('encodes to url', function() { From 2745e706159a749e4dafc2c0fb501c986b1026b6 Mon Sep 17 00:00:00 2001 From: "J. Longman" Date: Sun, 7 Nov 2021 19:44:36 -0500 Subject: [PATCH 2/3] fix escapeJavaScript for quotes: double escape the double quote ref: https://github.com/ToQoz/api-gateway-mapping-template/issues/8 double quote the string used in `util.escapeJsonString`. Note, I notice the existing test - https://github.com/jlongman/api-gateway-mapping-template/blob/master/test/util.js#L5 - this would presumably break this test? I may add the test in the original issue to the PR. Thinking about this, maybe this suggests a difference in runtime environments? Will add notes to the issue. --- index.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.js b/index.js index 065b4d6..86a34e6 100644 --- a/index.js +++ b/index.js @@ -161,7 +161,7 @@ function base64Decode(x) { // http://www.ecma-international.org/ecma-262/6.0/index.html#sec-quotejsonstring // DO: 2.a -> 2.b -> 2.c -> 2.d var escapeJavaScriptTable = { - '"': '\"', // 2.a + '"': '\\"', // 2.a '\\': '\\\\', '\b': '\\b', // 2.b (skip abbrev) '\f': '\\f', From 6304feb889a3666639ffc10fea55a6b340364207 Mon Sep 17 00:00:00 2001 From: Jonathan Longman Date: Tue, 9 Nov 2021 09:26:36 -0500 Subject: [PATCH 3/3] test: fix test to reflect correct escaping --- test/util.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/util.js b/test/util.js index b4ee12f..2c03143 100644 --- a/test/util.js +++ b/test/util.js @@ -5,8 +5,8 @@ describe('$util', function() { describe('.escapeJavaScript()', function() { var template = '$util.escapeJavaScript($input.path(\'$\'))'; var result = mappingTemplate({template: template, payload: 'bo"dy'}); - it ('escapes as javascript string - simple - ${result}', function() { - assert.equal(result, 'bo\"dy'); + it (`escapes as javascript string - simple - ${result}`, function() { + assert.equal(result, 'bo\\"dy'); }); var doc = `{"foo":"${result}"}`; it (`escapes as javascript string - parse stringify doc - ${doc}`, function() {