refactor: improve JSON escaping in escapeJsonForScript and enhance isFullscreen parsing logic

paustint · paustint · commit 5bfeb05c085d · 2026-04-05T11:41:38.000-07:00
diff --git a/apps/api/src/app/utils/canvas.utils.ts b/apps/api/src/app/utils/canvas.utils.ts
@@ -10,7 +10,13 @@ import { join } from 'node:path';
  * that would break the enclosing JS string literal.
  */
 export function escapeJsonForScript(json: string): string {
-  return json.replace(/</g, '\\u003c').replace(/>/g, '\\u003e').replace(/\//g, '\\u002f').replace(/'/g, '\\u0027');
+  return json
+    .replace(/</g, '\\u003c')
+    .replace(/>/g, '\\u003e')
+    .replace(/\//g, '\\u002f')
+    .replace(/'/g, '\\u0027')
+    .replace(/\u2028/g, '\\u2028')
+    .replace(/\u2029/g, '\\u2029');
 }
 
 /**
diff --git a/apps/jetstream-canvas/src/app/app.tsx b/apps/jetstream-canvas/src/app/app.tsx
@@ -13,7 +13,9 @@ import './core/monaco-loader';
 const Sfdc = window.Sfdc;
 
 // The fullscreen VF page passes { isFullScreen: true } via the apex:canvasApp parameters attribute
-const isFullscreen = z.coerce.boolean().default(true).parse(sr.context?.environment?.parameters?.isFullScreen);
+const isFullscreen = z
+  .preprocess((val) => (val === undefined ? true : val), z.coerce.boolean())
+  .parse(sr.context?.environment?.parameters?.isFullScreen);
 
 export const App = () => {
   return (
diff --git a/apps/jetstream-canvas/src/controllers/route.utils.ts b/apps/jetstream-canvas/src/controllers/route.utils.ts
@@ -66,11 +66,7 @@ export function createRoute<TParamsSchema extends z.ZodTypeAny, TBodySchema exte
     if (req.request.method !== 'GET' && !skipBodyParsing) {
       const contentType = req.request.headers.get('content-type') ?? '';
       if (contentType.startsWith('application/json')) {
-        try {
-          parsedBody = await req.request.json();
-        } catch {
-          // headers may not have been correct, just ignore and continue
-        }
+        parsedBody = await req.request.json();
       } else if (contentType.startsWith('application/zip')) {
         parsedBody = await req.request.arrayBuffer();
       } else {
@@ -81,7 +77,7 @@ export function createRoute<TParamsSchema extends z.ZodTypeAny, TBodySchema exte
     try {
       const data = {
         params: params ? params.parse(req.params) : undefined,
-        body: body && parsedBody !== undefined ? body.parse(parsedBody) : undefined,
+        body: body ? body.parse(parsedBody) : undefined,
         query: query ? query.parse(queryParams) : undefined,
         jetstreamConn: req.jetstreamConn,
         targetJetstreamConn: req.targetJetstreamConn,
