A few more deviations in JSON.stringify

# Oliver Hunt (16 years ago)

The specified behaviour of the abstract operation Quote in section
15.12.3 states that only characters with a unicode number less than or
equal to 0x1f should be escaped. My testing found that json2.js
escapes a number of other ranges of characters in unicode: 0x0000-0x001f 0x007f-0x009f 0x00ad 0x0600-0x0604 0x070f 0x17bf 0x17b5 0x200c-0x200f 0x2028-0x202f 0x2060-0x206f 0xfeff 0xfff0-0xffff

Should json2.js be considered right in this behaviour?

The specified behaviour of the abstract operation Quote in section  
15.12.3 states that only characters with a unicode number less than or  
equal to 0x1f should be escaped.  My testing found that json2.js  
escapes a number of other ranges of characters in unicode:
0x0000-0x001f
0x007f-0x009f
0x00ad
0x0600-0x0604
0x070f
0x17bf
0x17b5
0x200c-0x200f
0x2028-0x202f
0x2060-0x206f
0xfeff
0xfff0-0xffff

Should json2.js be considered right in this behaviour?

--Oliver

# Allen Wirfs-Brock (16 years ago)

Doug????

Doug????

>-----Original Message-----
>From: es-discuss-bounces at mozilla.org [mailto:es-discuss-
>bounces at mozilla.org] On Behalf Of Oliver Hunt
>Sent: Thursday, June 04, 2009 10:58 PM
>To: es-discuss at mozilla.org
>Subject: A few more deviations in JSON.stringify
>
>The specified behaviour of the abstract operation Quote in section
>15.12.3 states that only characters with a unicode number less than or
>equal to 0x1f should be escaped.  My testing found that json2.js
>escapes a number of other ranges of characters in unicode:
>0x0000-0x001f
>0x007f-0x009f
>0x00ad
>0x0600-0x0604
>0x070f
>0x17bf
>0x17b5
>0x200c-0x200f
>0x2028-0x202f
>0x2060-0x206f
>0xfeff
>0xfff0-0xffff
>
>Should json2.js be considered right in this behaviour?
>
>--Oliver
>
>_______________________________________________
>es-discuss mailing list
>es-discuss at mozilla.org
>https://mail.mozilla.org/listinfo/es-discuss

# Douglas Crockford (16 years ago)

Oliver Hunt wrote:

The specified behaviour of the abstract operation Quote in section 15.12.3 states that only characters with a unicode number less than or equal to 0x1f should be escaped. My testing found that json2.js escapes a number of other ranges of characters in unicode: 0x0000-0x001f 0x007f-0x009f 0x00ad 0x0600-0x0604 0x070f 0x17bf 0x17b5 0x200c-0x200f 0x2028-0x202f 0x2060-0x206f 0xfeff 0xfff0-0xffff

Should json2.js be considered right in this behaviour?

There is a problem in E3 and its implementations where some characters can be deleted. This can cause

 "\?"

to be replaced with

"\"

during JSON2's eval phase, which could allow evil script injection.

This is not a problem for ES5's JSON.parse.

Oliver Hunt wrote:
 > The
 > specified behaviour of the abstract operation Quote in section 15.12.3
 > states that only characters with a unicode number less than or equal to
 > 0x1f should be escaped.  My testing found that json2.js escapes a number
 > of other ranges of characters in unicode:
 > 0x0000-0x001f
 > 0x007f-0x009f
 > 0x00ad
 > 0x0600-0x0604
 > 0x070f
 > 0x17bf
 > 0x17b5
 > 0x200c-0x200f
 > 0x2028-0x202f
 > 0x2060-0x206f
 > 0xfeff
 > 0xfff0-0xffff
 >
 > Should json2.js be considered right in this behaviour?

There is a problem in E3 and its implementations where some characters can be 
deleted. This can cause

     "\?"

to be replaced with

     "\"

during JSON2's eval phase, which could allow evil script injection.

This is not a problem for ES5's JSON.parse.