Improvements in sanitizing invalid JSON

HISTORY.md

@@ -3,6 +3,11 @@
 https://github.com/josdejong/jsoneditor
 
 
+## not yet released, version 5.1.2
+
+- Improvements in sanitizing invalid JSON.
+
+
 ## 2016-01-16, version 5.1.1
 
 - Fixed #257: Improving error messages for enum errors failed when the

src/js/util.js

@@ -45,33 +45,38 @@ exports.sanitize = function (jsString) {
   function next()  { return jsString.charAt(i + 1); }
   function prev()  { return jsString.charAt(i - 1); }
 
-  // test whether the last non-whitespace character was a brace-open '{'
-  function prevIsBrace() {
-    var ii = i - 1;
-    while (ii >= 0) {
-      var cc = jsString.charAt(ii);
-      if (cc === '{') {
-        return true;
-      }
-      else if (cc === ' ' || cc === '\n' || cc === '\r') { // whitespace
-        ii--;
-      }
-      else {
-        return false;
+  // get the last parsed non-whitespace character
+  function lastNonWhitespace () {
+    var p = chars.length - 1;
+
+    while (p >= 0) {
+      var pp = chars[p];
+      if (pp !== ' ' && pp !== '\n' && pp !== '\r' && pp !== '\t') { // non whitespace
+        return pp;
       }
+      p--;
     }
-    return false;
+
+    return '';
   }
 
   // skip a block comment '/* ... */'
-  function skipComment () {
+  function skipBlockComment () {
     i += 2;
     while (i < jsString.length && (curr() !== '*' || next() !== '/')) {
       i++;
     }
     i += 2;
   }
 
+  // skip a comment '// ...'
+  function skipComment () {
+    i += 2;
+    while (i < jsString.length && (curr() !== '\n')) {
+      i++;
+    }
+  }
+
   // parse single or double quoted string
   function parseString(quote) {
     chars.push('"');
@@ -129,12 +134,15 @@ exports.sanitize = function (jsString) {
     var c = curr();
 
     if (c === '/' && next() === '*') {
+      skipBlockComment();
+    }
+    else if (c === '/' && next() === '/') {
       skipComment();
     }
     else if (c === '\'' || c === '"') {
       parseString(c);
     }
-    else if (/[a-zA-Z_$]/.test(c) && prevIsBrace()) {
+    else if (/[a-zA-Z_$]/.test(c) && ['{', ','].indexOf(lastNonWhitespace()) !== -1) {
       // an unquoted object key (like a in '{a:2}')
       parseKey();
     }

test/util.test.js

@@ -13,6 +13,7 @@ describe('util', function () {
       assert.equal(util.sanitize('{a:2}'), '{"a":2}');
       assert.equal(util.sanitize('{\'a\':2}'), '{"a":2}');
       assert.equal(util.sanitize('{a:\'foo\'}'), '{"a":"foo"}');
+      assert.equal(util.sanitize('{a:\'foo\',b:\'bar\'}'), '{"a":"foo","b":"bar"}');
 
       // should leave string content untouched
       assert.equal(util.sanitize('"{a:b}"'), '"{a:b}"');
@@ -28,6 +29,9 @@ describe('util', function () {
 
     it('remove comments', function () {
       assert.equal(util.sanitize('/* foo */ {}'), ' {}');
+      assert.equal(util.sanitize('/* foo */ {}'), ' {}');
+      assert.equal(util.sanitize('{a:\'foo\',/*hello*/b:\'bar\'}'), '{"a":"foo","b":"bar"}');
+      assert.equal(util.sanitize('{\na:\'foo\',//hello\nb:\'bar\'\n}'), '{\n"a":"foo",\n"b":"bar"\n}');
 
       // should not remove comments in string
       assert.equal(util.sanitize('{"str":"/* foo */"}'), '{"str":"/* foo */"}');