Merge branch '2.8'

cowtowncoder · cowtowncoder · commit d89cfa159b0c · 2017-04-22T10:54:45.000-07:00
diff --git a/release-notes/CREDITS b/release-notes/CREDITS
@@ -603,7 +603,11 @@ Joshua Jones
 Ivo Studens (istudens@redhat.com)
   * Contributed #1585: Invoke ServiceLoader.load() inside of a privileged block
     when loading modules using `ObjectMapper.findModules()`
-  (2.8.9)
+   (2.8.9)
+
+Marco Catania (catanm@github.com)
+  * Contributed #1597: Escape JSONP breaking characters
+   (2.8.9)
 
 Connor Kuhn (ckuhn@github)
   * Contributed #1341: FAIL_ON_MISSING_EXTERNAL_TYPE_ID_PROPERTY
diff --git a/release-notes/VERSION b/release-notes/VERSION
@@ -77,6 +77,11 @@ Project: jackson-databind
 
 2.8.9 (not yet released)
 
+#1597: Escape JSONP breaking characters
+ (contributed by Marco C)
+
+2.8.8.1 (19-Apr-2017)
+
 #1585: Invoke ServiceLoader.load() inside of a privileged block when loading
   modules using `ObjectMapper.findModules()`
  (contributed by Ivo S)
diff --git a/src/main/java/com/fasterxml/jackson/databind/util/JSONPObject.java b/src/main/java/com/fasterxml/jackson/databind/util/JSONPObject.java
@@ -4,7 +4,6 @@
 
 import com.fasterxml.jackson.core.*;
 
-import com.fasterxml.jackson.core.io.CharacterEscapes;
 import com.fasterxml.jackson.databind.*;
 import com.fasterxml.jackson.databind.jsontype.TypeSerializer;
 
@@ -14,8 +13,6 @@
  * <a href="http://en.wikipedia.org/wiki/JSONP">JSONP</a> wrapping.
  * 
  * @see com.fasterxml.jackson.databind.util.JSONWrappedObject
- * 
- * @author tatu
  */
 public class JSONPObject
     implements JsonSerializable
@@ -56,42 +53,45 @@ public JSONPObject(String function, Object value, JavaType asType)
      */
 
     @Override
-    public void serializeWithType(JsonGenerator jgen, SerializerProvider provider, TypeSerializer typeSer)
-            throws IOException, JsonProcessingException
+    public void serializeWithType(JsonGenerator gen, SerializerProvider provider, TypeSerializer typeSer)
+            throws IOException
     {
         // No type for JSONP wrapping: value serializer will handle typing for value:
-        serialize(jgen, provider);
+        serialize(gen, provider);
     }
 
     @Override
-    public void serialize(JsonGenerator jgen, SerializerProvider provider)
-            throws IOException, JsonProcessingException
+    public void serialize(JsonGenerator gen, SerializerProvider provider)
+            throws IOException
     {
-        CharacterEscapes currentCharacterEscapes = jgen.getCharacterEscapes();
+        // First, wrapping:
+        gen.writeRaw(_function);
+        gen.writeRaw('(');
 
-        // NOTE: Escape line-separator characters that break JSONP only if no custom character escapes are set.
-        // If custom escapes are in place JSONP-breaking characters will not be escaped and it is recommended to
-        // add escaping for those (see JsonpCharacterEscapes class).
-        if (currentCharacterEscapes == null) {
-            jgen.setCharacterEscapes(JsonpCharacterEscapes.instance());
-        }
+        if (_value == null) {
+            provider.defaultSerializeNull(gen);
+        } else {
+            // NOTE: Escape line-separator characters that break JSONP only if no custom character escapes are set.
+            // If custom escapes are in place JSONP-breaking characters will not be escaped and it is recommended to
+            // add escaping for those (see JsonpCharacterEscapes class).
+            boolean override = (gen.getCharacterEscapes() == null);
+            if (override) {
+                gen.setCharacterEscapes(JsonpCharacterEscapes.instance());
+            }
 
-        try {
-            // First, wrapping:
-            jgen.writeRaw(_function);
-            jgen.writeRaw('(');
-            if (_value == null) {
-                provider.defaultSerializeNull(jgen);
-            } else if (_serializationType != null) {
-                provider.findTypedValueSerializer(_serializationType, true, null).serialize(_value, jgen, provider);
-            } else {
-                Class<?> cls = _value.getClass();
-                provider.findTypedValueSerializer(cls, true, null).serialize(_value, jgen, provider);
+            try {
+                if (_serializationType != null) {
+                    provider.findTypedValueSerializer(_serializationType, true, null).serialize(_value, gen, provider);
+                } else {
+                    provider.findTypedValueSerializer(_value.getClass(), true, null).serialize(_value, gen, provider);
+                }
+            } finally {
+                if (override) {
+                    gen.setCharacterEscapes(null);
+                }
             }
-            jgen.writeRaw(')');
-        } finally {
-            jgen.setCharacterEscapes(currentCharacterEscapes);
         }
+        gen.writeRaw(')');
     }
 
     /*
