Skip to content

fix: escape JSON pointer tokens in generated paths#22

Merged
marcolink merged 2 commits into
mainfrom
fix/issue-21-json-pointer-escaping
Feb 12, 2026
Merged

fix: escape JSON pointer tokens in generated paths#22
marcolink merged 2 commits into
mainfrom
fix/issue-21-json-pointer-escaping

Conversation

@marcolink
Copy link
Copy Markdown
Owner

@marcolink marcolink commented Feb 11, 2026
edited
Loading

Summary

This PR fixes JSON Pointer path generation to be RFC 6901-compliant when object keys contain reserved characters.

Previously, generated patch paths used raw object keys, which produced invalid/ambiguous pointers for keys containing /, ~, or empty string keys. This affected generated JSON Patch operations (path and from) and could break downstream patch application.

Closes #21.
cc @BrianHuf

What changed

Added JSON Pointer token escaping in path construction:

  • ~ -> ~0
  • / -> ~1
  • Centralized object-key path construction through a helper so add/replace/remove paths are consistently escaped.
  • Kept implementation dependency-free (no new packages added).

Tests added/updated

  • Escaping for keys with / and ~
  • RFC 6901 escape ordering case (~1 token -> ~01)
  • Empty-string keys (/ and nested trailing /)
  • Non-reserved characters remain unescaped
  • Escaped paths for move operations (from and path)
  • maxDepth behavior with slash-containing keys

@marcolink marcolink requested a review from Copilot February 11, 2026 19:05
Copilot AI reviewed Feb 11, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR implements RFC 6901-compliant JSON Pointer path generation by escaping reserved characters (~ and /) in object keys. Previously, keys containing these characters generated invalid JSON Pointer paths that could break patch operations.

Changes:

  • Added escapeReferenceToken() and buildPath() helper functions to centralize and standardize path construction with proper character escaping
  • Replaced inline path construction logic with calls to buildPath() to ensure consistent escaping across add/replace/remove operations
  • Added comprehensive test coverage for escape scenarios including slash-containing keys, tilde tokens, empty strings, RFC 6901 ordering, move operations, and maxDepth behavior

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File Description
src/index.ts Adds JSON Pointer token escaping functions and refactors path construction to use centralized buildPath() helper
src/index.spec.ts Adds test cases covering various escape scenarios, edge cases, and integration with existing features

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread src/index.ts
Comment thread src/index.ts
@marcolink marcolink merged commit ff12c21 into main Feb 12, 2026
2 checks passed
@marcolink marcolink deleted the fix/issue-21-json-pointer-escaping branch February 12, 2026 09:17
github-actions Bot pushed a commit that referenced this pull request Feb 12, 2026
@semantic-release-bot
chore(release): 1.2.6 [skip ci]
2fc4823 
## [1.2.6](v1.2.5...v1.2.6) (2026-02-12)

### Bug Fixes

* escape JSON pointer tokens in generated paths ([#22](#22)) ([ff12c21](ff12c21))
@marcolink
Copy link
Copy Markdown
Owner Author

marcolink commented Feb 12, 2026

@BrianHuf fix is part of generate-json-patch@1.2.8 (took a phew turns to switch to trusted publishing 😆)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

json pointer escaping needed

2 participants

@marcolink