use built-in escape_html_entities_in_json support

this is equivalent to our custom addition to do this escaping (though it also escapes amperstands, which ours didn't) test plan: do an api request that returns a json string with html entities, or just load up the console and do a "<>&".to_json Change-Id: Ifaeaa595de4bd621708b43c45f915a67409ef95a Reviewed-on: https://gerrit.instructure.com/9614 Tested-by: Jenkins <jenkins@instructure.com> Reviewed-by: Brian Palmer <brianp@instructure.com>
2012-03-26 19:45:20 -06:00 · 2012-03-26 19:45:20 -06:00 · b2a8838a7d
parent c9025f3151
commit b2a8838a7d
2 changed files with 1 additions and 8 deletions
--- a/config/environment.rb
+++ b/config/environment.rb
@ -77,8 +77,8 @@ Rails::Initializer.run do |config|
  config.middleware.insert_before('ActionController::ParamsParser', "RequestContextGenerator")
  config.to_prepare do
    require_dependency 'canvas/plugins/default_plugins'
+    ActiveSupport::JSON::Encoding.escape_html_entities_in_json = true
  end
-
 end

 # Extend any base classes, even gem classes
--- a/config/initializers/json.rb
+++ b/config/initializers/json.rb
@ -1,10 +1,3 @@
-String.class_eval do
-  def to_json_with_html_safety(*args)
-    to_json_without_html_safety(*args).gsub(/<|>/) { |m| m == '<' ? '\\u003C' : '\\u003E' }
-  end
-  alias_method_chain :to_json, :html_safety
-end
-
 # JSON::Ext overwrites Rails' implemenation of these.
 # And does dumb stuff instantiating a state object and temp buffer and crap
 # which is really slow if you have 50,000 nil values.