html/template: should escape JSON without using \x #33671
Comments
|
FWIW, http://json.org agrees that \u escapes are valid JSON and \x escapes are not. ISTM, the simple solution is to tell the JavaScript escaper to always use \u. JS and JSON have other differences around whitespace handing, but it's easy enough to make them compatible. |
earthboundkid
changed the title
bcmills
changed the title
bcmills
added
the
NeedsInvestigation
|
I investigated this a bit and I confirm it is an issue. ( Some context for future reference: https://json-ld.org/ ) @carlmjohnson would you like to work on a CL for this? |
|
We are having this exact same problem as of today, is there a deadline or a workaround for this? It's really impacting our SEO. |
|
I started working on a fix, but honestly, I'm in over my head because I don't know what is valid or invalid in JS and I don't understand what all the test cases are testing for. In terms of a workaround, if you're using Hugo, you can do |
|
Thanks, if anybody needs a workaround for gin gonic, it's in Chinese, but Google translate is helpful. |
|
@Harumaro there is no deadline that I am aware of but if you are willing to work on a fix I can do the review and approval to expedite this. |
|
@empijei Sent a broken CL with just the \x → \u change. It needs a lot of test fixes. |
|
Change https://golang.org/cl/224898 mentions this issue: |
|
Thanks for working on this. Please let me know when it is ready for review
:)
…On Mon, 23 Mar 2020 at 13:54, GopherBot ***@***.***> wrote:
Change https://golang.org/cl/224898 mentions this issue: html/template:
escape JS/JSON with \u
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#33671 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAJSU4OPUPOPRG4XMGT2DFDRI5LXVANCNFSM4IMAIKBA>
.
|
|
I love the PR you made we really need it, without the fixed code we are issuing a lot of errors on js console (SEO problem and logging problems our sentry is out of quota for this)
@carlmjohnson the workaround is not working waiting for this, now we are patching go :) (edited) |
|
This fixes your snippet without waiting on a language change (months in the best case): https://play.golang.org/p/pNtKGJgTQs0 |
I can take a look and see if I can fix it. |
|
Change https://golang.org/cl/226097 mentions this issue: |
|
🎉 |
What version of Go are you using (
go version)?go version go1.12.7 darwin/amd64
Does this issue reproduce with the latest release?
Yes.
What did you do?
Ran this snippet
What did you expect to see?
An HTML document containing valid JSON.
What did you see instead?
Invalid JSON, as reported by https://search.google.com/structured-data/testing-tool/
Go escapes what is between the
<script>tags as though it were JavaScript because of #26053. That's mostly correct, except that there are subtle difference between valid JavaScript and valid JSON. Specifically, https://search.google.com/structured-data/testing-tool/ reports that\x3cstyle escaping is not correct for LD JSON. It needs to be\u003cinstead.The text was updated successfully, but these errors were encountered: