Opened 12 years ago

Closed 9 years ago

#10740 closed defect (fixed)

[patch][cla] dojox.json.ref.toJson handles references unsafely

Reported by: avoidscorn Owned by: Kris Zyp
Priority: high Milestone: 1.9
Component: Dojox Version: 1.4.0
Keywords: Cc:
Blocked By: Blocking:


dojox.json.ref.toJson can leave a generated __id attribute on the root object if it generates a $ref in the JSON. The culprit is the recursive call on line 284, which causes generated['#'] to point to the refObject instead of the root object. As a result, the generated __id on the root object does not get cleaned up.

While this may seem like a minor issue, it can cause more serious problems. If dojox.json.ref.toJson is called again with a different root object that contains the old root object via some path, then it will emit a nonsensical '{"$ref":"#"}' when serializing the old root object. For example, when oldRoot.__id === "#", then dojox.json.ref.toJson({a: oldRoot}) will return '{"a":{"$ref":"#"}}'.

The attached patch uses dojo.toJson to serialize the refObject which resolves the problem with no issues AFAICT. It also contains a test case for this issue.

Attachments (1)

ref.patch (1.1 KB) - added by avoidscorn 12 years ago.

Download all attachments as: .zip

Change History (4)

Changed 12 years ago by avoidscorn

Attachment: ref.patch added

comment:1 Changed 12 years ago by Adam Peller

Component: DojoX DataDojox
Owner: changed from Jared Jurkiewicz to Kris Zyp

comment:2 Changed 9 years ago by dylan

Milestone: tbd1.9

Kris, is json referencing still something we are maintaining?

comment:3 Changed 9 years ago by Kris Zyp

Resolution: fixed
Status: newclosed

In [30705]:

Fix reference object serialization, fixes #10740 !strict

Note: See TracTickets for help on using tickets.