Skip to content

Sanitize control characters from role name and description before submission#668

Merged
oharsta merged 2 commits intomainfrom
copilot/fix-illegal-character-role-name
Feb 28, 2026
Merged

Sanitize control characters from role name and description before submission#668
oharsta merged 2 commits intomainfrom
copilot/fix-illegal-character-role-name

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Feb 28, 2026
edited
Loading

Entering a newline (or any other ASCII control character) in a role's name or description caused the server to throw HttpMessageNotReadableException: JSON parse error: Illegal unquoted character ((CTRL-CHAR, code 10)), since control characters are invalid in unescaped JSON strings.

Changes

  • client/src/pages/RoleForm.jsx — In submit(), strip all ASCII control characters (\u0000–\u001F, \u007F) from name and description and trim the result before the payload is sent to the API:
const newRoleData = {
    ...role,
    name: (role.name || "").replace(/[\u0000-\u001F\u007F]/g, " ").trim(),
    description: (role.description || "").replace(/[\u0000-\u001F\u007F]/g, " ").trim(),
    applicationUsages: ...
};

Sanitization is applied at submission time only, so the user's in-progress input is not affected while typing.

Original prompt

This section details on the original issue you should resolve

<issue_title>Illegal unquoted character in Rol naam?</issue_title>
<issue_description>Er lijkt een fout op te treden bij het gebruik van een newline in de rol naam:

Illegal unquoted character ((CTRL-CHAR, code 10)): has to be escaped using backslash to be included in string value

Verderop wordt verwezen naar invite.model.RoleRequest["name"]

Kunnen we dit afvangen in de UI?

Feb 27 10:17:53 docker2.test.ams.surfconext.nl inviteserver[878]: 2026-02-27 10:17:53,814  WARN [http-nio-8080-exec-1] o.s.w.s.m.s.DefaultHandlerExceptionResolver:254 - Resolved [org.springframework.http.converter.HttpMessageNotReadableException: JSON parse error: Illegal unquoted character ((CTRL-CHAR, code 10)): has to be escaped using backslash to be included in string value]
Feb 27 10:17:53 docker2.test.ams.surfconext.nl inviteserver[878]: 2026-02-27 10:17:53,814 ERROR [http-nio-8080-exec-1] invite.api.DefaultErrorController:64 - Error occurred; org.springframework.http.converter.HttpMessageNotReadableException: JSON parse error: Illegal unquoted character ((CTRL-CHAR, code 10)): has to be escaped using backslash to be included in string value
Feb 27 10:17:53 docker2.test.ams.surfconext.nl inviteserver[878]: org.springframework.http.converter.HttpMessageNotReadableException: JSON parse error: Illegal unquoted character ((CTRL-CHAR, code 10)): has to be escaped using backslash to be included in string value
Feb 27 10:17:53 docker2.test.ams.surfconext.nl inviteserver[878]: #011at org.springframework.http.converter.json.AbstractJackson2HttpMessageConverter.readJavaType(AbstractJackson2HttpMessageConverter.java:408)
Feb 27 10:17:53 docker2.test.ams.surfconext.nl inviteserver[878]: #011at org.springframework.http.converter.json.AbstractJackson2HttpMessageConverter.read(AbstractJackson2HttpMessageConverter.java:356)
Feb 27 10:17:53 docker2.test.ams.surfconext.nl inviteserver[878]: #011at org.springframework.web.servlet.mvc.method.annotation.AbstractMessageConverterMethodArgumentResolver.readWithMessageConverters(AbstractMessageConverterMethodArgumentResolver.java:204)
Feb 27 10:17:53 docker2.test.ams.surfconext.nl inviteserver[878]: #011at org.springframework.web.servlet.mvc.method.annotation.RequestResponseBodyMethodProcessor.readWithMessageConverters(RequestResponseBodyMethodProcessor.java:176)
Feb 27 10:17:53 docker2.test.ams.surfconext.nl inviteserver[878]: #011at org.springframework.web.servlet.mvc.method.annotation.RequestResponseBodyMethodProcessor.resolveArgument(RequestResponseBodyMethodProcessor.java:150)
Feb 27 10:17:53 docker2.test.ams.surfconext.nl inviteserver[878]: #011at org.springframework.web.method.support.HandlerMethodArgumentResolverComposite.resolveArgument(HandlerMethodArgumentResolverComposite.java:122)
Feb 27 10:17:53 docker2.test.ams.surfconext.nl inviteserver[878]: #011at org.springframework.web.method.support.InvocableHandlerMethod.getMethodArgumentValues(InvocableHandlerMethod.java:227)
Feb 27 10:17:53 docker2.test.ams.surfconext.nl inviteserver[878]: #011at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:181)
Feb 27 10:17:53 docker2.test.ams.surfconext.nl inviteserver[878]: #011at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:118)
Feb 27 10:17:53 docker2.test.ams.surfconext.nl inviteserver[878]: #011at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:991)
Feb 27 10:17:53 docker2.test.ams.surfconext.nl inviteserver[878]: #011at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:896)
Feb 27 10:17:53 docker2.test.ams.surfconext.nl inviteserver[878]: #011at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)
Feb 27 10:17:53 docker2.test.ams.surfconext.nl inviteserver[878]: #011at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1089)
Feb 27 10:17:53 docker2.test.ams.surfconext.nl inviteserver[878]: #011at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:979)
Feb 27 10:17:53 docker2.test.ams.surfconext.nl inviteserver[878]: #011at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1014)
Feb 27 10:17:53 docker2.test.ams.surfconext.nl inviteserver[878]: #011at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:914)
Feb 27 10:17:53 docker2.test.ams.surfconext.nl inviteserver[878]: #011at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:590)
Feb 27 10:17:53 docker2.test.ams.surfconext.nl inviteserver[878]: #011at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:885)
Feb 27 10:17:53 docker2.te...

</details>



<!-- START COPILOT CODING AGENT SUFFIX -->

- Fixes OpenConext/OpenConext-Invite#666

<!-- START COPILOT CODING AGENT TIPS -->
---

🔒 GitHub Advanced Security automatically protects Copilot coding agent pull requests. You can protect all pull requests by enabling Advanced Security for your repositories. [Learn more about Advanced Security.](https://gh.io/cca-advanced-security)

@oharsta oharsta moved this from New to In Progress in Openconext-Invite Feb 28, 2026
@oharsta
Sanitize role name and description to prevent JSON control character …
a375ee4 
…errors

Co-authored-by: oharsta <530657+oharsta@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix illegal unquoted character issue in role name Sanitize control characters from role name and description before submission Feb 28, 2026
@oharsta oharsta marked this pull request as ready for review February 28, 2026 07:53
@oharsta oharsta merged commit a5dbc3a into main Feb 28, 2026
4 checks passed
@github-project-automation github-project-automation bot moved this from In Progress to Delivered in Openconext-Invite Feb 28, 2026
@oharsta oharsta deleted the copilot/fix-illegal-character-role-name branch February 28, 2026 08:44
@phavekes phavekes added this to the 1.1.0 milestone Mar 19, 2026
@phavekes phavekes moved this from Delivered to Ready for release in Openconext-Invite Mar 19, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@oharsta oharsta

Copilot code review Copilot

Labels

None yet

Projects

Openconext-Invite
Status: Ready for release

Milestone

1.1.0

Development

Successfully merging this pull request may close these issues.

3 participants

@oharsta @phavekes