pygeoapi
`to_json` does not properly escape values with single quotes
Description
If a json key has a single quote, when it is serialized by pygeoapi's `to_json` custom jinja filter, it is not escaped correctly and thus causes a syntax error if it is passed into other functions expecting json.
I came across this when rendering covjson data with `displayCovJSON(JSON.parse('{{ data | to_json | safe }}'), { display: true })`
Steps to Reproduce
- query an endpoint which returns covjson
- make sure there is a key containing a single quote
- i.e. say that the following key is part of the covjson output. Note the word its' in the description below
```
"17":{
  "type":"Parameter",
  "description":{
    "en":"Average daily lake/reservoir spillway release in cubic feet per second (cfs). Lake/reservoir spillway release refers to water released from a reservoir via its' spillway structure(s) (typically open channels)."
  },
  "unit":{
    "symbol":"cfs"
  },
  "observedProperty":{
    "id":"17",
    "label":{
      "en":"Lake/Reservoir Release - Spillway"
    }
  }
},
```
- try to render the covjson leaflet map
- it should fail to render the map
Expected behavior
If I use the built-in json filter `tojson` instead of the custom one `to_json`, it works and escapes the character correctly. I expected `to_json` to have this same behavior, but also encode time as it is intended to.
Environment
- OS: MacOS Sonoma 14.3
- Python version: 3.10
- pygeoapi version: 0.19.dev0
Additional context
I ensured the returned covjson is valid and if I query with f=json and paste it into the covjson playground, it is valid
Image below shows the invalid json string inside of displayCovJSON(JSON.parse('{{ data | to_json | safe }}'), { display: true })
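The failure reported above, reproduced as an added example that is not pygeoapi's code: `naive_to_json` is a hypothetical stand-in for a filter that only calls `json.dumps`, and `script_safe_to_json` applies the same four replacements Jinja's built-in `tojson` uses while still encoding time values. The sample data is constructed from the parameter in the report.

```python
import json
from datetime import date, datetime

# Constructed sample modelled on the covjson parameter in the report,
# plus a time value, since the custom filter is expected to encode time.
SAMPLE = {
    "17": {
        "type": "Parameter",
        "description": {"en": "water released via its' spillway structure(s)"},
        "observed": datetime(2024, 1, 1, 12, 0),
    }
}

# The characters Jinja's built-in tojson rewrites as \uXXXX escapes.
# In JSON they can only occur inside string values, so a plain text
# replacement on the serialized document does not change its meaning.
SCRIPT_ESCAPES = {"<": "\\u003c", ">": "\\u003e", "&": "\\u0026", "'": "\\u0027"}


def json_default(obj):
    """Encode date/time values as ISO 8601 strings."""
    if isinstance(obj, (datetime, date)):
        return obj.isoformat()
    raise TypeError(f"not JSON serializable: {type(obj).__name__}")


def naive_to_json(data):
    """Hypothetical filter: serializes time values but escapes nothing else."""
    return json.dumps(data, default=json_default)


def script_safe_to_json(data):
    """Same serialization, made safe to emit inside a <script> block."""
    text = json.dumps(data, default=json_default)
    for char, escape in SCRIPT_ESCAPES.items():
        text = text.replace(char, escape)
    return text


def closes_single_quoted_literal(payload):
    """True if payload placed between '...' in JavaScript ends the string early."""
    escaped = False
    for char in payload:
        if escaped:
            escaped = False
        elif char == "\\":
            escaped = True
        elif char == "'":
            return True
    return False
```

The escaped output is itself a valid JavaScript expression, so the template can pass it straight to `displayCovJSON(...)`. Wrapping any JSON in `JSON.parse('...')` stays fragile even with the apostrophe escaped, because the string literal decodes sequences such as `\"` and `\n` before `JSON.parse` sees them.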