From 149bd9cd4313aedfb593d2e67ad9e1b9c1ac6517 Mon Sep 17 00:00:00 2001
From: Eric Bariaux <375613+ebariaux@users.noreply.github.com>
Date: Wed, 10 Dec 2025 16:09:58 +0100
Subject: [PATCH] Properly escape JS string passed to WebView, it was crashing
 before when single quote in payload

---
 .../java/io/openremote/orlib/ui/OrMainActivity.kt | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/ORLib/src/main/java/io/openremote/orlib/ui/OrMainActivity.kt b/ORLib/src/main/java/io/openremote/orlib/ui/OrMainActivity.kt
index c26d941..bf2fa1b 100644
--- a/ORLib/src/main/java/io/openremote/orlib/ui/OrMainActivity.kt
+++ b/ORLib/src/main/java/io/openremote/orlib/ui/OrMainActivity.kt
@@ -949,14 +949,11 @@ open class OrMainActivity : Activity() {
             var jsonString = mapper.writeValueAsString(data)
             LOG.info("Sending response to client: $jsonString")
 
-            // Double escape quotes (this is needed for browsers to be able to parse the response)
-            jsonString = jsonString.replace("\\\"", "\\\\\"")
-
             runOnUiThread {
                 binding.webView.evaluateJavascript(
                     String.format(
                         "OpenRemoteConsole._handleProviderResponse('%s')",
-                        jsonString
+                        jsonString.escapeForJavaScript()
                     ), null
                 )
             }
@@ -965,6 +962,16 @@ open class OrMainActivity : Activity() {
         }
     }
 
+    private fun String.escapeForJavaScript(): String {
+        return this
+            .replace("\\", "\\\\")
+            .replace("'", "\\'")
+            .replace("\"", "\\\"")
+            .replace("\n", "\\n")
+            .replace("\r", "\\r")
+            .replace("\t", "\\t")
+    }
+
     private fun onConnectivityChanged(connectivity: Boolean) {
         LOG.info("Connectivity changed: $connectivity")
         if (connectivity && !webViewIsLoading && !lastConnectivity) {