Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ref: added functionality to escapeJSONstrings (ref: #5251) #5508

Draft
wants to merge 2 commits into
base: master
Choose a base branch
from
Draft

ref: added functionality to escapeJSONstrings (ref: #5251) #5508

wants to merge 2 commits into from
+47 −0

Conversation

DarkLord017
Copy link

@DarkLord017 DarkLord017 commented Feb 14, 2025
edited
Loading

Fixes #5251

A function to escape special characters in JSON strings
Handles key characters like quotes ("), backslashes (), forward slashes (/), and control characters (\n, \t, \r, etc.)
Prevents JSON injection attacks in NFT metadata and other use cases

PR Checklist

  • Tests
  • Documentation
  • Changeset entry (run npx changeset add)

@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Feb 14, 2025
edited
Loading

⚠️ No Changeset found

Latest commit: c30dc42

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@DarkLord017
Copy link
Author

Is my approach correct , am i working right on this pr @Amxx ?

Amxx
Amxx reviewed Feb 14, 2025
View reviewed changes
contracts/utils/Strings.sol

function _escapeJsonString(string memory input) private pure returns (string memory) {
bytes memory buffer = bytes(input);
bytes memory output = new bytes(buffer.length * 2); // Allocate max possible space
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm worried this allocated a lot of memory that is not freed. This is quite expensive. Alternatives are:

  • count number of "extra chars" in a loop, and allocate the right size directly
  • resize the output buffer without a copy, and move the free memory ptr, using assembly

Amxx
Amxx reviewed Feb 14, 2025
View reviewed changes
contracts/utils/Strings.sol Outdated Show resolved Hide resolved
Amxx
Amxx reviewed Feb 14, 2025
View reviewed changes
contracts/utils/Strings.sol Outdated Show resolved Hide resolved
@DarkLord017 @Amxx
Apply suggestions from code review
c30dc42 
Co-authored-by: Hadrien Croubois <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Amxx Amxx Amxx left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add support for escaping JSON to Strings lib
2 participants
@DarkLord017 @Amxx