Mastodon: Invalid JSON in /api/v1/instance when there's japanese and html tags

It looks like an issue with broken escaping of quotes around html attributes

But how? Is this a bug in Oj, or is it a bug in active_model_serializers, or did I do something wrong? :scream:

The reason the JSON is invalid is because the \ that escapes the " is itself escaped. How is this happening? There is nothing unusual about the way this attribute is passed to active_model_serializers as far as I can see

If it was a double escape, it should come out as \\\". i'm having trouble finding a way this could happen tbh

Okay, another note: mastodon.social also contains HTML in the description, including links and quotes. Valid JSON: https://mastodon.social/api/v1/instance/

Something is specifically off about either those strings, or the software those instances run..?

I'm almost sure all of them have japanese in their description -- I'll dig the results further to see if there's other differences in their description.

Regarding the software they run, from the ones I linked in the original issues, two runs HOPMOON/mastodon 2.3.3, one unreported fork 2.3.3, and one tootsuite 2.3.3 (maybe it's a fork too, but I couldn't see any differences in the /about/more page and source code links to tootsuite).

Other instances:

• https://moji.m.to (hopmoon, 2.3.3)
• https://yumejo.m.to (hopmoon, 2.3.3)
• https://betoviet.m.to (hopmoon, 2.3.3)
• https://oninawadon.m.to (tootsuite, 2.3.3)
• https://lianiis.m.to (tootsuite, 2.3.3)
• https://azurlane.m.to (hopmoon, 2.3.3)
• https://scp.m.to (hopmoon, 2.3.3)

🤷‍♂️

i have time to look into this today.

I couldn't reproduce this in a dev environment using any of the provided descriptions:

I suspect that the instances in question are running the BBCode or Markdown mastodon patch that's common in the japanese fediverse, and that's causing a malformed result here. I'm going to confirm this by checking out the tagged 2.3.3 release and seeing if I can reproduce the issue there.

I confirmed that I could not reproduce this on the 2.3.3 release using this instance description:

<a href="http://www.smbook.com/" target="_blank"><em>SM BOOK</em></a>の管理人「鬼縄」が下記のキーワードに惹かれる人とのプライベートな交流を目的とする鬼縄の個人インスタンスです。 <em>鬼縄と私的な交流を望まない方はご遠慮下さい。 </em><br><br>
「鬼縄丼」にはこのような具が詰まっています。<br>
#緊縛 #快楽責め #焦らし #寸止め #筆責め #羞恥責め #バイブ責め #フェラ #美脚 #腋の下 #媚薬 #こぶ縄 #拷問 #大の字縛り #快楽堕ち #強制オナニー #磔 #妄想 #被虐のヒロイン #ワルモノ #ハイヒール #電マ #昭和
 <br><br> 
<a href="http://www.oninawa.net/"><em>鬼縄の緊縛用麻縄商店</em></a> <br><br> 
<a href="http://www.smbookshop.jp/"><em>SM BOOK のオフィシャルＳＭグッズ専門ショップ</em></a>

and other more complicated ones. Do you think you could contact any of the admins involved to see what patches they may be running, if any?

(I'm happy to look at any of the patched code, btw, and try to troubleshoot it, but i'm closing since this doesn't seem to be an issue affecting tootsuite tagged or master)

Ok :)

I've tried contacting them (looks like it's a web hosting service, we'll see :)

Thanks @nightpool

It's fixed on their side. Wasn't related at all to Mastodon — they re-implemented this endpoint in PHP.

they what