author | inferno@chromium.org <inferno@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-04-06 03:43:55 +0000 |
---|---|---|
committer | inferno@chromium.org <inferno@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-04-06 03:43:55 +0000 |
commit | b68462c437afd0846489a870e3521decb6fbd658 (patch) | |
tree | d13c289c2fa5a9acdf979f9eb600cbe0b92a22cc /base/json/string_escape.cc | |
parent | d1c90bf7270eb0dd62e1e4924d55bd97636762f0 (diff) | |
Improve the underlying escaping function JsonDoubleQuoteT to escape < and > characters BY DEFAULT to prevent script execution.
BUG=40147
TEST=StringEscapeTest.*
Review URL: http://codereview.chromium.org/1512013
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@43695 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'base/json/string_escape.cc')
-rw-r--r-- | base/json/string_escape.cc | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/base/json/string_escape.cc b/base/json/string_escape.cc
index 5bf0b86..0b12439 100644
--- a/base/json/string_escape.cc
+++ b/base/json/string_escape.cc
@@ -58,9 +58,10 @@ void JsonDoubleQuoteT(const STR& str,
 for (typename STR::const_iterator it = str.begin(); it != str.end(); ++it) {
 typename ToUnsigned<typename STR::value_type>::Unsigned c = *it;
 if (!JsonSingleEscapeChar(c, dst)) {
- if (c < 32 || c > 126) {
- // Technically, we could also pass through c > 126 as UTF8, but this is
- // also optional. It would also be a pain to implement here.
+ if (c < 32 || c > 126 || c == '<' || c == '>') {
+ // 1. Escaping <, > to prevent script execution.
+ // 2. Technically, we could also pass through c > 126 as UTF8, but this
+ // is also optional. It would also be a pain to implement here.
 unsigned int as_uint = static_cast<unsigned int>(c);
 StringAppendF(dst, "\\u%04X", as_uint);
 } else { |
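Review bot: The new comment `// 1. Escaping <, > to prevent script execution.` does not say which embedding context the guarantee covers, and the added condition leaves `&` and `'` unescaped. As far as the hunk shows, the output is protected against closing a script element or opening an HTML comment, but not against entity decoding when the string is placed in an HTML attribute or an XHTML document; whether `JsonSingleEscapeChar` handles those characters is not visible here. I would either extend the condition with `|| c == '&'` or state the limit in the comment, e.g. `// 1. Escape < and > as \u003C / \u003E so the output cannot close a <script> element when inlined in HTML; & and ' are NOT escaped, so attribute contexts still need HTML escaping.` The body of `JsonDoubleQuoteT` starts and ends outside the hunk.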