Avoid escaping HTML sensitive characters when writing configuration to file #1691
Merged
Aniruddh25 merged 7 commits into main from Sep 7, 2023
seantleonard reviewed Sep 7, 2023
seantleonard approved these changes Sep 7, 2023
seantleonard (Contributor) left a comment:
One question otherwise, lgtm!
abhishekkumams approved these changes Sep 7, 2023
Aniruddh25 added a commit that referenced this pull request Sep 7, 2023
…o file (#1691)

## Why make this change?

- Closes #1687

## What is this change?

- Set the Encoder for JsonSerializationOptions to be [`JavaScriptEncoder.UnsafeRelaxedJsonEscaping`](https://learn.microsoft.com/en-us/dotnet/api/system.text.encodings.web.javascriptencoder.unsaferelaxedjsonescaping?view=net-7.0) instead of the default encoder.
- Although [this article](https://learn.microsoft.com/en-us/dotnet/standard/serialization/system-text-json/character-encoding#serialize-all-characters) mentions use this encoder with caution, since we are sure the file contents will be deserialized as UTF-8 JSON, we should be safe to use this encoder.
- We were using this encoder previously from the fix in #1386, but with #1402, that original fix was essentially not being used since #1402 introduced usage of the new `GetJsonSerializerOptions()` function in `RuntimeConfigLoader`.

## How was this tested?

- [X] Unit Tests. `TestSpecialCharactersInConnectionString` is moved to the `ConfigGeneratorTests` since keeping it as part of `InitTests` with the Verify framework wasn't really testing the scenario since we ignore connection strings in the snapshots.
- This regression from #1402 was not caught because this test scenario was effectively being skipped.
- Note, this test is modified to explicitly compare the expected and actual json string from file since any usage of JsonSerializer/JObject.Parse would require using the same encoder to deserialize making the test itself run similar code which it is testing. Parsing into JSON objects would treat `\u0027` and `'` as equal whereas string comparison won't. Hence, comparison using string is necessary to catch regressions here.

## Sample Request(s)

BEFORE: `dab init --host-mode development --database-type mssql --connection-string "@env('my-connection-string')"` creates the configuration file as follows:

```
{
  "$schema": "https://github.com/Azure/data-api-builder/releases/download/v0.8.49/dab.draft.schema.json",
  "data-source": {
    "database-type": "mssql",
    "connection-string": "@env(\u0027my-connection-string\u0027)",
    "options": {
      "set-session-context": false
    }
  }
```

Note, the value of connection string.

AFTER: Same command creates the following file:

```
{
  "$schema": "https://github.com/Azure/data-api-builder/releases/download/v0.8.49/dab.draft.schema.json",
  "data-source": {
    "database-type": "mssql",
    "connection-string": "@env('my-connection-string')",
    "options": {
      "set-session-context": false
    }
  }
```

---------

Co-authored-by: Abhishek Kumar <[email protected]>
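The encoder difference and the reason the test compares raw strings, shown as an added C# example that is not code from this pull request; the dictionary, the helper `ReadConnectionString` and the temp file name are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Text.Encodings.Web;
using System.Text.Json;

// Constructed sample: the same connection-string value used in the PR description.
var config = new Dictionary<string, string>
{
    ["connection-string"] = "@env('my-connection-string')",
};

// Default encoder: escapes HTML-sensitive characters such as ' < > & as \uXXXX.
string escaped = JsonSerializer.Serialize(config);

// Relaxed encoder: leaves those characters as-is.
var relaxedOptions = new JsonSerializerOptions
{
    Encoder = JavaScriptEncoder.UnsafeRelaxedJsonEscaping,
};
string relaxed = JsonSerializer.Serialize(config, relaxedOptions);

// Round-trip through a file, as a config writer would (temp path is illustrative).
string path = Path.Combine(Path.GetTempPath(), "dab-config-sample.json");
File.WriteAllText(path, relaxed);
string onDisk = File.ReadAllText(path);
File.Delete(path);

// A parser decodes \u0027 back to ', so comparing parsed values
// cannot tell the two outputs apart; only the raw text differs.
string? fromEscaped = ReadConnectionString(escaped);
string? fromOnDisk = ReadConnectionString(onDisk);

Console.WriteLine($"default encoder     : {escaped}");
Console.WriteLine($"relaxed encoder     : {onDisk}");
Console.WriteLine($"parsed values equal : {fromEscaped == fromOnDisk}");
Console.WriteLine($"raw text equal      : {escaped == onDisk}");

// Regression check in the style the PR describes: compare the raw file text.
const string expected = "{\"connection-string\":\"@env('my-connection-string')\"}";
if (!string.Equals(onDisk, expected, StringComparison.Ordinal))
{
    throw new InvalidOperationException("Config file text differs from the expected literal.");
}

static string? ReadConnectionString(string json)
{
    using JsonDocument doc = JsonDocument.Parse(json);
    return doc.RootElement.GetProperty("connection-string").GetString();
}
```

The relaxed encoder also leaves `<`, `>` and `&` unescaped, so its output suits a UTF-8 JSON file like this one and not inlining into an HTML page or `<script>` element.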
Aniruddh25 added a commit that referenced this pull request Sep 7, 2023

- Cherry Picks #1691 into release/0.8

---------

Co-authored-by: Abhishek Kumar <[email protected]>