Opened 9 years ago
Closed 6 years ago
#10740 closed defect (fixed)
[patch][cla] dojox.json.ref.toJson handles references unsafely
| Reported by: | avoidscorn | Owned by: | Kris Zyp |
|---|---|---|---|
| Priority: | high | Milestone: | 1.9 |
| Component: | Dojox | Version: | 1.4.0 |
| Keywords: | Cc: | ||
| Blocked By: | Blocking: |
Description
dojox.json.ref.toJson can leave a generated __id attribute on the root object if it generates a $ref in the JSON. The culprit is the recursive call on line 284, which causes generated['#'] to point to the refObject instead of the root object. As a result, the generated __id on the root object does not get cleaned up.
While this may seem like a minor issue, it can cause more serious problems. If dojox.json.ref.toJson is called again with a different root object that contains the old root object via some path, then it will emit a nonsensical '{"$ref":"#"}' when serializing the old root object. For example, when oldRoot.__id === "#", then dojox.json.ref.toJson({a: oldRoot}) will return '{"a":{"$ref":"#"}}'.
The attached patch uses dojo.toJson to serialize the refObject which resolves the problem with no issues AFAICT. It also contains a test case for this issue.
Attachments (1)
Change History (4)
Changed 9 years ago by
comment:1 Changed 9 years ago by
| Component: | DojoX Data → Dojox |
|---|---|
| Owner: | changed from Jared Jurkiewicz to Kris Zyp |
comment:2 Changed 6 years ago by
| Milestone: | tbd → 1.9 |
|---|
Kris, is json referencing still something we are maintaining?