Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-26905

Add safer looseDeserialize that ignores type information from the json strings

    Details

      Description

      Loose deserialization uses flexjson library for deserializing json strings. One of the flexjson features is to create instance of any objects that are specified in json map property named 'class'. On some points in portal, we do not want to allow flexjson to create any class, as in such situation the types are usually casted later; we want to have simple deserialization to the List/Map of Strings.

      Current solution (a quick fix), to replace the 'class' string with a dummy string is naive, as there are many different ways how json string can be formatted. for example, the following two are equal:

      "class": ...
      "\u0063lass": ...
      

      The real solution is to add an option into PortalBeanObjectFactory that will return a map, regardless of a type. Note that the flexjson constructs:

      .use("class", java.lang.String.class).
      .use("*.class", java.lang.String.class).
      

      doesn't work.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              support-lep@liferay.com SE Support
              Reporter:
              igor.spasic Igor Spasic (Inactive)
              Participants of an Issue:
              Recent user:
              Brian Wulbern
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Days since last comment:
                9 years, 13 weeks ago

                  Packages

                  Version Package
                  6.1.1 CE GA2
                  6.1.20 EE GA2
                  --Sprint 11/12
                  6.2.0 CE M2