Skip to content

Commit 28164b4

Browse files
jhoellerjhoeller
committed
Introduced "jsonPrefix" bean property
This change involves a modification of the "writeContent" template method to include the "jsonPrefix" String instead of the "prefixJson" boolean flag. Since said template method has only been introduced in 3.2.2, this change should hopefully not be a problem. Issue: SPR-10567
1 parent 7e01578 commit 28164b4

File tree

2 files changed

+36
-16
lines changed

2 files changed

+36
-16
lines changed

spring-webmvc/src/main/java/org/springframework/web/servlet/view/json/MappingJackson2JsonView.java

Lines changed: 18 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -64,7 +64,7 @@ public class MappingJackson2JsonView extends AbstractView {
6464

6565
private JsonEncoding encoding = JsonEncoding.UTF8;
6666

67-
private boolean prefixJson = false;
67+
private String jsonPrefix;
6868

6969
private Boolean prettyPrint;
7070

@@ -122,16 +122,26 @@ public final JsonEncoding getEncoding() {
122122
return this.encoding;
123123
}
124124

125+
/**
126+
* Specify a custom prefix to use for this view's JSON output.
127+
* Default is none.
128+
* @see #setPrefixJson
129+
*/
130+
public void setJsonPrefix(String jsonPrefix) {
131+
this.jsonPrefix = jsonPrefix;
132+
}
133+
125134
/**
126135
* Indicates whether the JSON output by this view should be prefixed with <tt>"{} && "</tt>.
127136
* Default is {@code false}.
128137
* <p>Prefixing the JSON string in this manner is used to help prevent JSON Hijacking.
129138
* The prefix renders the string syntactically invalid as a script so that it cannot be hijacked.
130139
* This prefix does not affect the evaluation of JSON, but if JSON validation is performed
131140
* on the string, the prefix would need to be ignored.
141+
* @see #setJsonPrefix
132142
*/
133143
public void setPrefixJson(boolean prefixJson) {
134-
this.prefixJson = prefixJson;
144+
this.jsonPrefix = "{} && ";
135145
}
136146

137147
/**
@@ -243,7 +253,7 @@ protected void renderMergedOutputModel(Map<String, Object> model, HttpServletReq
243253

244254
OutputStream stream = (this.updateContentLength ? createTemporaryOutputStream() : response.getOutputStream());
245255
Object value = filterModel(model);
246-
writeContent(stream, value, this.prefixJson);
256+
writeContent(stream, value, this.jsonPrefix);
247257
if (this.updateContentLength) {
248258
writeToResponse(response, (ByteArrayOutputStream) stream);
249259
}
@@ -272,11 +282,11 @@ protected Object filterModel(Map<String, Object> model) {
272282
* Write the actual JSON content to the stream.
273283
* @param stream the output stream to use
274284
* @param value the value to be rendered, as returned from {@link #filterModel}
275-
* @param prefixJson whether the JSON output by this view should be prefixed
276-
* with <tt>"{} && "</tt> (as indicated through {@link #setPrefixJson})
285+
* @param jsonPrefix the prefix for this view's JSON output
286+
* (as indicated through {@link #setJsonPrefix}/{@link #setPrefixJson})
277287
* @throws IOException if writing failed
278288
*/
279-
protected void writeContent(OutputStream stream, Object value, boolean prefixJson) throws IOException {
289+
protected void writeContent(OutputStream stream, Object value, String jsonPrefix) throws IOException {
280290
// The following has been deprecated as late as Jackson 2.2 (April 2013);
281291
// preserved for the time being, for Jackson 2.0/2.1 compatibility.
282292
@SuppressWarnings("deprecation")
@@ -288,8 +298,8 @@ protected void writeContent(OutputStream stream, Object value, boolean prefixJso
288298
generator.useDefaultPrettyPrinter();
289299
}
290300

291-
if (prefixJson) {
292-
generator.writeRaw("{} && ");
301+
if (jsonPrefix != null) {
302+
generator.writeRaw(jsonPrefix);
293303
}
294304
this.objectMapper.writeValue(generator, value);
295305
}

spring-webmvc/src/main/java/org/springframework/web/servlet/view/json/MappingJacksonJsonView.java

Lines changed: 18 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -64,7 +64,7 @@ public class MappingJacksonJsonView extends AbstractView {
6464

6565
private JsonEncoding encoding = JsonEncoding.UTF8;
6666

67-
private boolean prefixJson = false;
67+
private String jsonPrefix;
6868

6969
private Boolean prettyPrint;
7070

@@ -122,16 +122,26 @@ public final JsonEncoding getEncoding() {
122122
return this.encoding;
123123
}
124124

125+
/**
126+
* Specify a custom prefix to use for this view's JSON output.
127+
* Default is none.
128+
* @see #setPrefixJson
129+
*/
130+
public void setJsonPrefix(String jsonPrefix) {
131+
this.jsonPrefix = jsonPrefix;
132+
}
133+
125134
/**
126135
* Indicates whether the JSON output by this view should be prefixed with <tt>"{} && "</tt>.
127136
* Default is {@code false}.
128137
* <p>Prefixing the JSON string in this manner is used to help prevent JSON Hijacking.
129138
* The prefix renders the string syntactically invalid as a script so that it cannot be hijacked.
130139
* This prefix does not affect the evaluation of JSON, but if JSON validation is performed
131140
* on the string, the prefix would need to be ignored.
141+
* @see #setJsonPrefix
132142
*/
133143
public void setPrefixJson(boolean prefixJson) {
134-
this.prefixJson = prefixJson;
144+
this.jsonPrefix = "{} && ";
135145
}
136146

137147
/**
@@ -243,7 +253,7 @@ protected void renderMergedOutputModel(Map<String, Object> model, HttpServletReq
243253

244254
OutputStream stream = (this.updateContentLength ? createTemporaryOutputStream() : response.getOutputStream());
245255
Object value = filterModel(model);
246-
writeContent(stream, value, this.prefixJson);
256+
writeContent(stream, value, this.jsonPrefix);
247257
if (this.updateContentLength) {
248258
writeToResponse(response, (ByteArrayOutputStream) stream);
249259
}
@@ -272,11 +282,11 @@ protected Object filterModel(Map<String, Object> model) {
272282
* Write the actual JSON content to the stream.
273283
* @param stream the output stream to use
274284
* @param value the value to be rendered, as returned from {@link #filterModel}
275-
* @param prefixJson whether the JSON output by this view should be prefixed
276-
* with <tt>"{} && "</tt> (as indicated through {@link #setPrefixJson})
285+
* @param jsonPrefix the prefix for this view's JSON output
286+
* (as indicated through {@link #setJsonPrefix}/{@link #setPrefixJson})
277287
* @throws IOException if writing failed
278288
*/
279-
protected void writeContent(OutputStream stream, Object value, boolean prefixJson) throws IOException {
289+
protected void writeContent(OutputStream stream, Object value, String jsonPrefix) throws IOException {
280290
JsonGenerator generator = this.objectMapper.getJsonFactory().createJsonGenerator(stream, this.encoding);
281291

282292
// A workaround for JsonGenerators not applying serialization features
@@ -285,8 +295,8 @@ protected void writeContent(OutputStream stream, Object value, boolean prefixJso
285295
generator.useDefaultPrettyPrinter();
286296
}
287297

288-
if (prefixJson) {
289-
generator.writeRaw("{} && ");
298+
if (jsonPrefix != null) {
299+
generator.writeRaw(jsonPrefix);
290300
}
291301
this.objectMapper.writeValue(generator, value);
292302
}

0 commit comments

Comments
 (0)