Skip to content

OrderSchemaItems.MarshalJSON generates invalid JSON when keys contain special characters (e.g. newline) #216

New issue
New issue
Open
Open
OrderSchemaItems.MarshalJSON generates invalid JSON when keys contain special characters (e.g. newline)#216
@swathi-srikantaiah

Description

@swathi-srikantaiah
swathi-srikantaiah
opened on Jun 25, 2025

Description:
The MarshalJSON method of OrderSchemaItems manually writes JSON object keys directly as strings without escaping special characters such as newline (\n). This leads to invalid JSON output and causes JSON parsing failures.

How to reproduce the same?

package main

import (
	"bytes"
	"encoding/json"
	"fmt"
)

type Schema struct {
	Name string
}

type OrderSchemaItem struct {
	Name   string
	Schema Schema
}

func main() {
	items := []OrderSchemaItem{
		{
			Name:   "emails\n", // Key contains newline character
			Schema: Schema{Name: "string"},
		},
	}

	buf := bytes.NewBufferString("{")
	for i, item := range items {
		if i > 0 {
			buf.WriteString(",")
		}
		// Writes key directly without escaping special chars
		buf.WriteString("\"")
		buf.WriteString(item.Name)
		buf.WriteString("\":")

		bs, err := json.Marshal(item.Schema)
		if err != nil {
			panic(err)
		}
		buf.Write(bs)
	}
	buf.WriteString("}")

	var out map[string]interface{}
	err := json.Unmarshal(buf.Bytes(), &out)
	if err != nil {
		fmt.Println("JSON parse failed:", err)
		fmt.Println(" Raw JSON:", buf.String())
		return
	}

	fmt.Println(" Successfully parsed:", out)
}

Actual Output:
JSON parse failed: invalid character '\n' after object key
Raw JSON: {"emails
": {"Name": "string"}}

Root Cause:
The current implementation of OrderSchemaItems.MarshalJSON writes JSON keys directly into a buffer without escaping them:

buf.WriteString("\"")
buf.WriteString(items[i].Name)
buf.WriteString("\":")

This works only if the key string contains no special characters. If the key includes characters like:

  • newline (\n)
  • quote (")
  • backslash ()
  • control characters (e.g. tab, carriage return)

then the resulting JSON becomes invalid — and unmarshaling fails with errors like:

invalid character '\n' after object key

Real-World Use Case:
This failure is particularly problematic when key names are dynamically generated from user input, field metadata, or schema definitions. For example, in OpenAPI tools that consume Swagger specs, field names like "user\nname" may be auto-generated or derived from form labels or database field comments.

These keys might seem harmless but break downstream tooling that expects valid JSON.

Expected Behavior:
The JSON keys containing special characters such as newlines should be properly escaped (e.g., "emails\n" → "emails\n") to produce valid JSON.

Suggested Fix:
Modify OrderSchemaItems.MarshalJSON to marshal keys using json.Marshal instead of writing them directly, e.g.:

keyBytes, err := json.Marshal(items[i].Name)
if err != nil {
	return nil, err
}
buf.Write(keyBytes)
buf.WriteString(":")

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions