Bugreport When you have a ` ` in your password sent to the ` GoodData #gooddata-cn

Bugreport: When you have a `\/` in your password s...

Vajk Hermecz

11/23/2021, 7:46 PM

Bugreport: When you have a

\/

in your password sent to the

api/entities/dataSources/

endpoint, the server only stores a

into the database. So looks like the value is not treated as a simple string, but escaping is evaluated on it.

Vajk Hermecz

11/23/2021, 7:50 PM

I've used curl's

--trace-ascii /dev/stdout

args to see what is being sent to the server, and looked into the

md.data_source

table to see what has been stored, that's how I found it.

Robert Moucha

11/23/2021, 10:30 PM

Please note that the payload in encoded in JSON and this serialization format handles

differently - it behaves like "escape character" that modified the meaning of the following character. Some characters have special meaning, e.g.

\n

is a newline (0xA in ASCII encoding),

\t

is a TAB character (0x09) and so on. So

\/

escapes the forward slash char. If you need to store

using JSON format, you need to escape this character as well, so you need to store it as

\\

See String grammar described in https://www.json.org/json-en.html

Robert Moucha

11/23/2021, 10:38 PM

If you wonder what's the reason why

\/

translates to literal

, it is that JSON was designed for World-Wide Web so if you want to store HTML tag in JSON that is embedded in

<script>

HTML tag. :)

Vajk Hermecz

11/24/2021, 6:08 PM

Dammit, you are so right. Yeah, building payload from bash is probably not the smartest way. Thx for looking into this, sorry about the false alarm. Thx for the explanation.

✅ 1

Open in Slack

Previous Next