zerver: Remove simplejson dependency.

Modified by tabbott to put the third-party code in a new file. Fixes #6970.
2017-10-17 11:34:37 +02:00 · 2017-10-17 11:34:37 +02:00 · e169bb0954
parent b4e67fac36
commit e169bb0954
7 changed files with 67 additions and 11 deletions
--- a/docs/THIRDPARTY
+++ b/docs/THIRDPARTY
@ -182,6 +182,10 @@ Files: zerver/lib/decorator.py zerver/management/commands/runtornado.py scripts/
 Copyright: Django Software Foundation and individual contributors
 License: BSD-3-Clause
 Files: zerver/lib/json_encoder_for_html.py zerver/tests/test_json_encoder_for_html.py
 Copyright: 2006 Bob Ippolito
 License: MIT or Academic Free License v. 2.1
 License: Apache-2.0
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
--- a/requirements/common.in
+++ b/requirements/common.in
@ -119,9 +119,6 @@ redis==2.10.6
 requests_oauthlib==0.8.0
 rsa==3.4.2
 # Needed for its HTML encoder for page_params
 simplejson==3.11.1
 # Needed for Python 2+3 compatibility
 six==1.11.0
 smmap==0.9.0
@ -184,6 +181,3 @@ social-auth-app-django==1.2.0
 # Needed for messages' rendered content parsing in push notifications.
 lxml==4.1.0
 # One occurrence left in home.py
 simplejson==3.11.1
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@ -134,7 +134,6 @@ scrapy==1.4.0
 service-identity==17.0.0  # via scrapy
 sh==1.11                  # via gitlint
 simplegeneric==0.8.1      # via ipython
 simplejson==3.11.1
 six==1.11.0
 smmap==0.9.0
 snakeviz==0.4.2
--- a/requirements/prod.txt
+++ b/requirements/prod.txt
@ -92,7 +92,6 @@ requests-oauthlib==0.8.0
 requests==2.18.4          # via premailer, pyoembed, python-gcm, python-twitter, requests-oauthlib, social-auth-core
 rsa==3.4.2
 simplegeneric==0.8.1      # via ipython
 simplejson==3.11.1
 six==1.11.0
 smmap==0.9.0
 social-auth-app-django==1.2.0
--- a/zerver/lib/json_encoder_for_html.py
+++ b/zerver/lib/json_encoder_for_html.py
@ -0,0 +1,28 @@
 import json
 # Taken from
 # https://github.com/simplejson/simplejson/blob/8edc82afcf6f7512b05fba32baa536fe756bd273/simplejson/encoder.py#L378-L402
 # License: MIT
 class JSONEncoderForHTML(json.JSONEncoder):
    """An encoder that produces JSON safe to embed in HTML.
    To embed JSON content in, say, a script tag on a web page, the
    characters &, < and > should be escaped. They cannot be escaped
    with the usual entities (e.g. &amp;) because they are not expanded
    within <script> tags.
    """
    def encode(self, o):
        # type: (Dict[str, Any]) -> str
        # Override JSONEncoder.encode because it has hacks for
        # performance that make things more complicated.
        chunks = self.iterencode(o, True)
        return ''.join(chunks)
    def iterencode(self, o, _one_shot=False):
        # type: (Dict[str, Any], Optional[bool]) -> Iterator[str]
        chunks = super().iterencode(o, _one_shot)
        for chunk in chunks:
            chunk = chunk.replace('&', '\\u0026')
            chunk = chunk.replace('<', '\\u003c')
            chunk = chunk.replace('>', '\\u003e')
            yield chunk
--- a/zerver/tests/test_json_encoder_for_html.py
+++ b/zerver/tests/test_json_encoder_for_html.py
@ -0,0 +1,32 @@
 import json
 from zerver.lib.json_encoder_for_html import JSONEncoderForHTML
 from zerver.lib.test_classes import ZulipTestCase
 class TestJSONEncoder(ZulipTestCase):
    # Test EncoderForHTML
    # Taken from
    # https://github.com/simplejson/simplejson/blob/8edc82afcf6f7512b05fba32baa536fe756bd273/simplejson/tests/test_encode_for_html.py
    # License: MIT
    decoder = json.JSONDecoder()
    encoder = JSONEncoderForHTML()
    def test_basic_encode(self) -> None:
        self.assertEqual(r'"\u0026"', self.encoder.encode('&'))
        self.assertEqual(r'"\u003c"', self.encoder.encode('<'))
        self.assertEqual(r'"\u003e"', self.encoder.encode('>'))
    def test_basic_roundtrip(self) -> None:
        for char in '&<>':
            self.assertEqual(
                char, self.decoder.decode(
                    self.encoder.encode(char)))
    def test_prevent_script_breakout(self) -> None:
        bad_string = '</script><script>alert("gotcha")</script>'
        self.assertEqual(
            r'"\u003c/script\u003e\u003cscript\u003e'
            r'alert(\"gotcha\")\u003c/script\u003e"',
            self.encoder.encode(bad_string))
        self.assertEqual(
            bad_string, self.decoder.decode(
                self.encoder.encode(bad_string)))
--- a/zerver/views/home.py
+++ b/zerver/views/home.py
@ -1,4 +1,4 @@
-from typing import Any, List, Dict, Optional, Text
+from typing import Any, List, Dict, Optional, Text, Iterator
 from django.conf import settings
 from django.core.urlresolvers import reverse
@ -22,6 +22,7 @@ from zerver.lib.actions import update_user_presence, do_change_tos_version, \
 from zerver.lib.avatar import avatar_url
 from zerver.lib.i18n import get_language_list, get_language_name, \
    get_language_list_for_templates
 from zerver.lib.json_encoder_for_html import JSONEncoderForHTML
 from zerver.lib.push_notifications import num_push_devices_for_user
 from zerver.lib.streams import access_stream_by_name
 from zerver.lib.subdomains import get_subdomain
@ -32,7 +33,6 @@ import datetime
 import logging
 import os
 import re
 import simplejson
 import time
@zulip_login_required
@ -227,7 +227,7 @@ def home_real(request):
    request._log_data['extra'] = "[%s]" % (register_ret["queue_id"],)
    response = render(request, 'zerver/index.html',
                      context={'user_profile': user_profile,
-                               'page_params': simplejson.encoder.JSONEncoderForHTML().encode(page_params),
+                               'page_params': JSONEncoderForHTML().encode(page_params),
                               'nofontface': is_buggy_ua(request.META.get("HTTP_USER_AGENT", "Unspecified")),
                               'avatar_url': avatar_url(user_profile),
                               'show_debug':