-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
jsonpb: Add option to disable HTML escaping #409
Conversation
Thanks for your pull request. It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). 📝 Please visit https://cla.developers.google.com/ to sign. Once you've signed, please reply here (e.g.
|
I've signed the CLA. Failing test is Go 1.6, due to lack of |
CLAs look good, thanks! |
I'm not fond of every I'll leave the review to @cybrcodr |
I share the same sentiment that these options should not belong in Here's a simple example of transformation of stripping these escape sequence characters from a JSON string -- https://play.golang.org/p/AdmagoBdkz. I think one can write a faster and more efficient transformation w/o using regexp. |
Alternatively, you could round-trip through the stdlib encoder to act as a JSON-to-JSON transformer: func rewriteJSON(in []byte) ([]byte, error) {
var m map[string]interface{}
if err := json.Unmarshal(in, &m); err != nil {
return in, err
}
var b bytes.Buffer
e := json.NewEncoder(&b)
e.SetEscapeHTML(false)
if err := e.Encode(m); err != nil {
return in, err
}
return b.Bytes(), nil
} |
@dsnet @cybrcodr Can I politely disagree with this decision and this pr/issue be re-opened? Post-processing can be very expensive, and it isn't always easy to find a place to do the post-processing. HTML escaping in json is a gotchya that has broken clients and downstream processes for us before. I don't believe it is too much to ask to allow us the ability to turn it off. There aren't any other options that |
Hi @veqryn.
That seems to be a bug in the downstream client if they're not able to handle RFC 7195 compliant output. I believe it is a mistake if bugs in downstream code require upstream code to make changes. It encourages buggy behavior to persist.
Each new feature request often seems like it isn't too much to ask, but they do pile up. As a result, it can become difficult to add other features that are actually more desired since they may interact poorly with the current set of features. That is exactly what happened to |
I realize and agree with with everything you said, but I would still really like to see the ability to turn off html-escaping. |
I'm not sure how that would work. Did you mean to expose Assuming that's the case, you are correct that this provides the flexibility that you want in this specific case, but it also incurs detriments:
Overall, I understand the desire to have an override, but I'm not seeing a compelling reason to add it now:
† I'm aware that we already exposed via jsonpb.UnmarshalNext, but that was a mistake and should not be precedence for more exposure. |
Actually I was not thinking of exposing Right the code calls: Let the user put their own function JSON Marshalling there, so long as it matches the same signature: |
What is the input to |
I guess I'd have to see the v2 version to see where the best place or way to add this feature would be. I assume based on what you have said so far that you are trying to keep API compatibility between the v1 and v2 implementations of jsonpb? If not then I would also argue there is nothing wrong with doing it one way in v1 and a different way in v2. |
Not API compatibility (the whole purpose of v2 is to break API compatibility), but feature compatibility. That is, the ability to implement v1 in terms of the v2 API. Otherwise, we are on the hook forever to maintain the v1 code. |
So in that case, I'd agree that putting something into v1 that doesn't play well with the upcoming v2 is bad idea. What does get put in, should probably go into v2 first and then get backported in a nice way to v1. Without seeing what v2 looks like, I believe all I can do at this point is say that I would like the ability to not escape HTML in the generated JSON. Maybe that takes the form of a I'd be happy to help out or make a PR, if you have some idea or direction of what you'd accept. |
Yep. Thank you for being understanding. You can keep track of all the v2 work here: https://github.com/golang/protobuf/tree/api-v2 |
Helps fixing: - gogo#484 - grpc-ecosystem/grpc-gateway#566 via https://github.com/gogo/gateway Upstream issue: golang/protobuf#409 Original upstream patch by Paul Nichols (@pauln) here: golang/protobuf#409
Adds a new
SkipEscapeHTML
option tojsonpb.Marshaler
, which disables HTML escaping by swapping outjson.Marshal
in favour of a JSONEncoder
withSetEscapeHTML(false)
called on it.Closes #407.