A few more deviations in JSON.stringify

Douglas Crockford douglas at crockford.com
Fri Jun 5 13:35:03 PDT 2009


Oliver Hunt wrote:
 > The
 > specified behaviour of the abstract operation Quote in section 15.12.3
 > states that only characters with a unicode number less than or equal to
 > 0x1f should be escaped.  My testing found that json2.js escapes a number
 > of other ranges of characters in unicode:
 > 0x0000-0x001f
 > 0x007f-0x009f
 > 0x00ad
 > 0x0600-0x0604
 > 0x070f
 > 0x17bf
 > 0x17b5
 > 0x200c-0x200f
 > 0x2028-0x202f
 > 0x2060-0x206f
 > 0xfeff
 > 0xfff0-0xffff
 >
 > Should json2.js be considered right in this behaviour?

There is a problem in E3 and its implementations where some characters can be 
deleted. This can cause

     "\?"

to be replaced with

     "\"

during JSON2's eval phase, which could allow evil script injection.

This is not a problem for ES5's JSON.parse.


More information about the es-discuss mailing list