# HG changeset patch # User jbe # Date 1265155038 -3600 # Node ID e017c47d43b5bd576859b50bfd202add708f94c8 # Parent 64f4540ce88c528511dd6e91f5a6474f18205d62 Modified encode.json to avoid special CDATA sequences in output diff -r 64f4540ce88c -r e017c47d43b5 framework/env/encode/json.lua --- a/framework/env/encode/json.lua Sun Jan 31 18:37:38 2010 +0100 +++ b/framework/env/encode/json.lua Wed Feb 03 00:57:18 2010 +0100 @@ -4,7 +4,8 @@ obj -- true, false, nil or a number or string ) -This function encodes any native datatype or atom in JavaScript object notation (JSON). +This function encodes any native datatype or atom in JavaScript object notation (JSON). It ensures that the returned string can be safely included in inline scripts both in HTML and XHTML (within CDATA section). + TODO: can't distinguish unambiguously between empty object and empty list! --]]-- @@ -48,19 +49,20 @@ end return table.concat(parts) else - return - '"' .. - string.gsub(atom.dump(obj), ".", - function (char) - if char == '\r' then return '\\r' end - if char == '\n' then return '\\n' end - if char == '\\' then return '\\\\' end - if char == '"' then return '\\"' end - if char == '/' then return '\\/' end -- allowed according to RFC4627, needed for - local byte = string.byte(char) - if byte < 32 then return string.format("\\u%04x", byte) end - end - ) .. - '"' + local str = atom.dump(obj) + str = string.gsub(str, ".", + function (char) + if char == '\r' then return '\\r' end + if char == '\n' then return '\\n' end + if char == '\\' then return '\\\\' end + if char == '"' then return '\\"' end + local byte = string.byte(char) + if byte < 32 then return string.format("\\u%04x", byte) end + end + ) + str = string.gsub(str, "", "]]\\u003e") + return '"' .. str .. '"' end end diff -r 64f4540ce88c -r e017c47d43b5 framework/env/ui/script.lua --- a/framework/env/ui/script.lua Sun Jan 31 18:37:38 2010 +0100 +++ b/framework/env/ui/script.lua Wed Feb 03 00:57:18 2010 +0100 
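Review bot: The sentence added to the encode.json doc comment promises safety for "inline scripts" without saying which context is meant. The encoder still emits a literal double quote (as `\"`), so the guarantee can hold for the content of a script element but not for an event-handler attribute, where the value would also need HTML attribute escaping. I would narrow the wording to `... can be safely included in the content of inline script elements, both in HTML and XHTML (within a CDATA section); inside HTML attributes it needs additional HTML escaping.`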
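Review bot: Keeping the output inert inside a script element now rests on sequence-specific substitutions after the per-character pass, and the one visible here, `string.gsub(str, "", "]]\\u003e")`, has an empty pattern as rendered; the hunk header announces 20 new-side lines and fewer are visible, so text was probably lost when the page was extracted and the repository copy should be checked. With the `/` escape removed from the callback, a simpler guarantee is to escape `<` and `>` unconditionally there, which covers `</script`, `<!--`, `<![CDATA[` and `]]>` without any pattern matching. The callback also passes the UTF-8 bytes of U+2028 and U+2029 through unchanged (assuming the strings are UTF-8), and older JavaScript engines treat those as line terminators inside string literals, so they are worth escaping as well. The enclosing function starts outside the hunk.

```lua
      function (char)
        -- … unchanged: \r, \n, \\ and " escapes …
        if char == '<' then return '\\u003c' end
        if char == '>' then return '\\u003e' end
        -- … unchanged: control-byte escape and end of callback …
    str = string.gsub(str, "\226\128\168", "\\u2028")  -- U+2028 as UTF-8
    str = string.gsub(str, "\226\128\169", "\\u2029")  -- U+2029 as UTF-8
    return '"' .. str .. '"'
```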
@@ -9,6 +9,8 @@ This function is used to insert a script into the active slot. +WARNING: The given script MUST NOT include two closing square brackets directly followed by a greater-than sign, unless the output is interpreted strictly as XHTML. For string literals this is ensured automatically, if being encoded with encode.json{...}. + --]]-- function ui.script(args)
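Review bot: The new WARNING on ui.script names only `]]>`, but when the page is parsed as HTML the sequence that ends a script element is `</script`, and the comment does not mention it. The body of ui.script lies outside the hunk, so I cannot tell whether the function deals with that sequence itself. If it does not, the comment should state the second constraint, for example `The script MUST NOT contain "</script" (in any letter case) when the output is parsed as HTML.` Callers that pass anything other than encode.json output rely on this comment to know what they must filter.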