Browse code
Disable HTML escaping for JSON strings in `docker inspect`
This fix tries to address the issue raised in 27021 where
HTML strings like (`&, >, <, etc`) in environmental variables
are escaped for JSON output for `docker inspect`. For example,
`TEST_ENV="soanni&rtr"` has been escaped to `TEST_ENV="soanni\u0026rtr"`
This fix disabled HTML escaping with `SetEscapeHTML`, which is available
since golang 1.7.0. This changes will be applied to all JSON output
that utilize `httputils.WriteJSON`.
An integration test has been added to cover the changes.
This fix fixes 27021.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Yong Tang authored on 2016/09/30 10:16:36Showing 2 changed files
| ... | ... |
@@ -81,7 +81,9 @@ func ParseForm(r *http.Request) error {
|
| 81 | 81 |
func WriteJSON(w http.ResponseWriter, code int, v interface{}) error {
|
| 82 | 82 |
w.Header().Set("Content-Type", "application/json")
|
| 83 | 83 |
w.WriteHeader(code) |
| 84 |
- return json.NewEncoder(w).Encode(v) |
|
| 84 |
+ enc := json.NewEncoder(w) |
|
| 85 |
+ enc.SetEscapeHTML(false) |
|
| 86 |
+ return enc.Encode(v) |
|
| 85 | 87 |
} |
| 86 | 88 |
|
| 87 | 89 |
// VersionFromContext returns an API version from the context using APIVersionKey. |
| ... | ... |
@@ -407,3 +407,13 @@ func (s *DockerSuite) TestInspectRootFS(c *check.C) {
|
| 407 | 407 |
|
| 408 | 408 |
c.Assert(len(imageJSON[0].RootFS.Layers), checker.GreaterOrEqualThan, 1) |
| 409 | 409 |
} |
| 410 |
+ |
|
| 411 |
+func (s *DockerSuite) TestInspectAmpersand(c *check.C) {
|
|
| 412 |
+ testRequires(c, DaemonIsLinux) |
|
| 413 |
+ |
|
| 414 |
+ name := "test" |
|
| 415 |
+ out, _ := dockerCmd(c, "run", "--name", name, "--env", `TEST_ENV="soanni&rtr"`, "busybox", "env") |
|
| 416 |
+ c.Assert(out, checker.Contains, `soanni&rtr`) |
|
| 417 |
+ out, _ = dockerCmd(c, "inspect", name) |
|
| 418 |
+ c.Assert(out, checker.Contains, `soanni&rtr`) |
|
| 419 |
+} |