JSON.stringify() has been "improved"
# Anders Rundgren (4 years ago)
Fortunately my analysis was wrong, all systems are go!
The revised serialization deals with pathological UTF which RFC 8785 anyway outlaws.
Anders
On 2020-09-21 05:56, Anders Rundgren wrote:
> Hi ES-lovers,
>
> I have co-authored a JSON canonicalization scheme, recently published as an RFC: https://www.rfc-editor.org/rfc/rfc8785.html
>
> The work started with ES V6 as foundation since it made things really easy.
>
> Serialization of quoted strings were taken "as is" from:
> https://www.ecma-international.org/ecma-262/6.0/index.html#sec-quotejsonstring
>
> However, to my dismay it seems that this has changed in more recent ES editions:
> https://www.ecma-international.org/ecma-262/10.0/index.html#sec-quotejsonstring
>
> That is, in V6 a smiley was serialized as any other UTF code point.
> In V10 a smiley is (AFAICT...) supposed to be serialized like \ud83d\ude00 which of course breaks canonicalization :(
>
> Q: What was the motivation for this change?
>
> Q: How come Chrome, Edge, and Firefox do not honor this update?
> Verification: https://cyberphone.github.io/doc/security/browser-json-canonicalization.html
>
> Q: Does any other JSON serializer actually do this kind of transformation?
>
> thanx,
> Anders
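The behaviour the reply settles on, as an added example that is not part of the original thread or of RFC 8785: in an engine implementing the revised QuoteJSONString, a well-formed surrogate pair such as the smiley is still emitted as-is, and only a lone surrogate is escaped. A canonicalizer that has to reject such input before signing can check for it up front. The function names and sample values are hypothetical and constructed for illustration.

```javascript
// Added example: names and sample inputs are constructed, not from the thread.

// True if the string holds a surrogate code unit that is not part of a pair.
function hasLoneSurrogate(s) {
  for (let i = 0; i < s.length; i++) {
    const c = s.charCodeAt(i);
    if (c >= 0xd800 && c <= 0xdbff) {
      const next = s.charCodeAt(i + 1); // NaN at end of string
      if (next >= 0xdc00 && next <= 0xdfff) { i++; continue; }
      return true; // high surrogate without a following low surrogate
    }
    if (c >= 0xdc00 && c <= 0xdfff) return true; // stray low surrogate
  }
  return false;
}

// Serialize one string for canonicalization: refuse ill-formed UTF-16
// instead of letting JSON.stringify escape it, otherwise defer to the engine.
function serializeStringStrict(s) {
  if (hasLoneSurrogate(s)) {
    throw new RangeError("lone surrogate in string; refusing to canonicalize");
  }
  return JSON.stringify(s);
}

// Walk a parsed JSON value and return the path of the first property name
// or string value containing a lone surrogate, or null if all are well-formed.
function findIllFormed(value, path = "$") {
  if (typeof value === "string") return hasLoneSurrogate(value) ? path : null;
  if (value === null || typeof value !== "object") return null;
  for (const [key, child] of Object.entries(value)) {
    if (hasLoneSurrogate(key)) return `${path}{ill-formed property name}`;
    const childPath = Array.isArray(value) ? `${path}[${key}]` : `${path}.${key}`;
    const hit = findIllFormed(child, childPath);
    if (hit) return hit;
  }
  return null;
}

const smiley = "\u{1F600}";   // well-formed pair: \ud83d\ude00
const broken = "\ud83d";      // constructed lone high surrogate
console.log(serializeStringStrict(smiley).length); // quote + 2 code units + quote
console.log(JSON.stringify(broken));               // escaped by the engine
console.log(findIllFormed({ a: ["ok", "\ude00"] }));
```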