public class JsonUtils
extends java.lang.Object
| Modifier and Type | Method and Description |
|---|---|
| `static java.lang.String` | `escapeJsonForEval(java.lang.String toEscape)` Escapes characters within a JSON string that cannot be passed directly to eval(). |
| `static java.lang.String` | `escapeValue(java.lang.String toEscape)` Returns a quoted, escaped JSON String. |
| `static <T extends JavaScriptObject> T` | `safeEval(java.lang.String json)` Evaluates a JSON expression safely. |
| `static boolean` | `safeToEval(java.lang.String text)` Returns true if the given JSON string may be safely evaluated by eval() without undesired side effects or security risks. |
| `(package private) static void` | `throwIllegalArgumentException(java.lang.String message, java.lang.String data)` |
| `static <T extends JavaScriptObject> T` | `unsafeEval(java.lang.String json)` Evaluates a JSON expression using eval(). |

public static java.lang.String escapeJsonForEval(java.lang.String toEscape)
public static java.lang.String escapeValue(java.lang.String toEscape)
public static <T extends JavaScriptObject> T safeEval(java.lang.String json)
Type Parameters:
T - The type of JavaScriptObject that should be returned
Parameters:
json - The source JSON text
Throws:
java.lang.IllegalArgumentException - if the input is not valid JSON

public static boolean safeToEval(java.lang.String text)
Returns true if the given JSON string may be safely evaluated by
eval() without undesired side effects or security risks. Note that a true
result from this method does not guarantee that the input string is valid
JSON. This method does not consider the contents of quoted strings; it
may still be necessary to perform escaping prior to evaluation for correct
results.
The technique used is taken from RFC 4627.
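
The RFC 4627 (section 6) pre-eval check that safeToEval refers to, written out in JavaScript as an added example; it is not taken from the GWT source. It shows why a true result does not imply valid JSON by comparing the check with JSON.parse on constructed inputs. The function names are chosen for this example.

```javascript
// Added example, not GWT code. Function names are hypothetical.

// RFC 4627 section 6: remove every quoted string, then reject the text if
// any remaining character falls outside JSON punctuation, number
// characters, whitespace, and the letters of true/false/null.
function rfc4627SafeToEval(text) {
  const withoutStrings = text.replace(/"(\\.|[^"\\])*"/g, '');
  return !/[^,:{}\[\]0-9.\-+Eaeflnr-u \n\r\t]/.test(withoutStrings);
}

// Strict validation for comparison: a real JSON parser.
function isValidJson(text) {
  try {
    JSON.parse(text);
    return true;
  } catch (e) {
    return false;
  }
}

function classify(text) {
  return { safeToEval: rfc4627SafeToEval(text), validJson: isValidJson(text) };
}

// Constructed sample inputs.
const samples = [
  '{"user":"alice","roles":["admin"]}', // well-formed JSON
  '{"a":}',                             // passes the filter, is not JSON
  '[1,2',                               // passes the filter, is not JSON
  '{"a":1}; doSomething()',             // rejected: code outside a string
  '{"note":"doSomething()"}',           // string contents are not inspected
];

for (const s of samples) {
  console.log(JSON.stringify(s), classify(s));
}
```

The filter only restricts which characters appear outside quoted strings, so structural validity still has to come from a parser, as the IllegalArgumentException on safeEval implies.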
public static <T extends JavaScriptObject> T unsafeEval(java.lang.String json)
Evaluates a JSON expression using eval(). This method does not
validate the JSON text and should only be used on JSON from trusted
sources. The payload must evaluate to an Object or an Array (not a
primitive or a String).
Type Parameters:
T - The type of JavaScriptObject that should be returned
Parameters:
json - The source JSON text

static void throwIllegalArgumentException(java.lang.String message, java.lang.String data)