Broker websocket API doesn't like JSON strings with unicode escaping #457
Comments
Absolutely. We actually already have someone working on this (actor-framework/actor-framework#1949), so I'll take care that the fix finds its way to Broker/Zeek. |
|
Much appreciated @Neverlord |
|
@Neverlord, any chance this was resolved? I see that the PR you referenced above has merged. |
|
Note: If this remains an open issue in Broker, we may recommend switching to the Zeek-based websocket implementation in v8.0 instead of continuing to work on the Broker websockets. |
That's not a valid proposal for this bug. The Zeek-based websocket implementation uses the existing broker functionality for JSON serialization/deserialization purposes, so that bug exists there as well. |
|
@awelzel ah, thanks for chiming in! I'll pull in the patch. |
I encountered this while trying to send a string with HTML entities in it (e.g.,
<ohai>), and discovering that my JSON library (un?) helpfully escapes them as follows:{"@data-type":"string","data":"\u003cohai\u003e"}I will patch https://github.com/corelight/go-zeek-broker-ws to turn off the HTML entity escaping feature and avoid this problem (I don't think we care about crappy browser security issues, and broker/CAF is happy to deserialise the string with HTML entities), but not handling escaped characters is probably a bug worth fixing.
The text was updated successfully, but these errors were encountered: