无法解析我从服务中获得的json。我正在使用Jackson API来解析json。我得到JsonParseException:
com.fasterxml.jackson.databind.JsonMappingException: Unexpected character ('>' (code 62)): was expecting comma to separate OBJECT entries
JSON回复:
{ "errors":[ ],
"id":"1",
"employee":{ "firstName":"bishop<!--\"><script src=//xss.bf.mg></script>-->",
"lastName":"fox\"><script src=//xss.bf.mg></script>"
}
}
我的java代码:
ObjectMapper objectMapper = new ObjectMapper();
MyEmployee emp =
objectMapper.readValue(jsonResponse, MyEmployee.class);
如果我从服务中获得有效的json,我可以成功反序列化json。我还使用JsonStringEncoder来编码json,但仍然得到JsonMappingException。
jsonResponse = String.valueOf(JsonStringEncoder.getInstance().quoteAsString(jsonResponse));
请帮忙。
答案 0 :(得分:1)
如果您将String字面值传递给jackson以反序列化,则必须使用反斜杠转义,该反斜杠会转义值和双引号中的双引号。例如。这段代码工作正常:
String jsonResponse = " { \"errors\":[ ], \n" +
" \"id\":\"1\", \n" +
" \"employee\":{ \"firstName\":\"bishop<!--\\\"><script src=//xss.bf.mg></script>-->\", \n" +
" \"lastName\":\"fox\\\"><script src=//xss.bf.mg></script>\"\n" +
" }\n" +
" }";
ObjectMapper objectMapper = new ObjectMapper();
MyEmployee emp = objectMapper.readValue(jsonResponse, MyEmployee.class);
请注意,在json中的值中,每个双引号前总共有3个反斜杠。例如,firstName与String一起传递给readValue的值写为:
\"bishop<!--\\\"><script src=//xss.bf.mg></script>-->\"
那是:
String文字中的双引号。String文字中的后一个反斜杠。