fix(serialize-json): prevent json injection via malicious comments
parent
615ff12c27
commit
7bcde68b9f
|
@ -182,7 +182,10 @@ public class JsonWriter extends SerializeWriter<IOException, JsonWriter> impleme
|
||||||
private void writeDeferredComment() throws IOException {
|
private void writeDeferredComment() throws IOException {
|
||||||
if (!deferredComments.isEmpty()) {
|
if (!deferredComments.isEmpty()) {
|
||||||
if (newline.isEmpty()) {
|
if (newline.isEmpty()) {
|
||||||
out.append("/* ").append(String.join(" / ", deferredComments)).append(" */");
|
out.append("/* ")
|
||||||
|
.append(String.join(" / ", deferredComments)
|
||||||
|
.replace("*/", "#/"))
|
||||||
|
.append(" */");
|
||||||
} else {
|
} else {
|
||||||
boolean first = true;
|
boolean first = true;
|
||||||
for (String s : deferredComments) {
|
for (String s : deferredComments) {
|
||||||
|
|
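Review bot: The `*/` neutralisation is applied only in the `newline.isEmpty()` branch; the `else` branch starts at the bottom of this hunk and its body continues outside it, so the visible lines do not show whether comments written there get the same treatment. If that branch emits block comments, a deferred comment containing `*/` would still close the comment early; if it emits one line comment per entry, an embedded line break would presumably do the same, so both cases are worth checking. Putting the replacement in one small helper such as `private static String neutralizeCommentEnd(String s) { return s.replace("*/", "#/"); }`, and calling it from every place `writeDeferredComment()` emits comment text, keeps the two branches from drifting apart. The rewrite is lossy by design, so a one-line comment like `// "*/" would terminate the block comment and let the rest be parsed as JSON` would explain why `#/` is there. A regression test that serialises a comment containing `*/` in both compact and pretty-printed mode would pin the fix.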