From 0fa20ad13b0b5c6d1bf8a8285717c07697d079ba Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Thu, 29 Sep 2016 18:16:36 -0700 Subject: [PATCH] Disable HTML escaping for JSON strings in `docker inspect` This fix tries to address the issue raised in 27021 where HTML strings like (`&, >, <, etc`) in environmental variables are escaped for JSON output for `docker inspect`. For example, `TEST_ENV="soanni&rtr"` has been escaped to `TEST_ENV="soanni\u0026rtr"` This fix disabled HTML escaping with `SetEscapeHTML`, which is available since golang 1.7.0. This changes will be applied to all JSON output that utilize `httputils.WriteJSON`. An integration test has been added to cover the changes. This fix fixes 27021. Signed-off-by: Yong Tang --- api/server/httputils/httputils.go | 4 +++- integration-cli/docker_cli_inspect_test.go | 10 ++++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/api/server/httputils/httputils.go b/api/server/httputils/httputils.go index 46ad571778..2a0418f9bd 100644 --- a/api/server/httputils/httputils.go +++ b/api/server/httputils/httputils.go @@ -81,7 +81,9 @@ func ParseForm(r *http.Request) error { func WriteJSON(w http.ResponseWriter, code int, v interface{}) error { w.Header().Set("Content-Type", "application/json") w.WriteHeader(code) - return json.NewEncoder(w).Encode(v) + enc := json.NewEncoder(w) + enc.SetEscapeHTML(false) + return enc.Encode(v) } // VersionFromContext returns an API version from the context using APIVersionKey. diff --git a/integration-cli/docker_cli_inspect_test.go b/integration-cli/docker_cli_inspect_test.go index d28bb074ba..d99ae6d091 100644 --- a/integration-cli/docker_cli_inspect_test.go +++ b/integration-cli/docker_cli_inspect_test.go @@ -407,3 +407,13 @@ func (s *DockerSuite) TestInspectRootFS(c *check.C) { c.Assert(len(imageJSON[0].RootFS.Layers), checker.GreaterOrEqualThan, 1) } + +func (s *DockerSuite) TestInspectAmpersand(c *check.C) { + testRequires(c, DaemonIsLinux) + + name := "test" + out, _ := dockerCmd(c, "run", "--name", name, "--env", `TEST_ENV="soanni&rtr"`, "busybox", "env") + c.Assert(out, checker.Contains, `soanni&rtr`) + out, _ = dockerCmd(c, "inspect", name) + c.Assert(out, checker.Contains, `soanni&rtr`) +}