JSON.stringify() has been "improved"
anders.rundgren.net at gmail.com
Mon Sep 21 05:16:12 UTC 2020
Fortunately my analysis was wrong, all systems are go!
The revised serialization deals with pathological UTF which RFC 8785 anyway outlaws.
On 2020-09-21 05:56, Anders Rundgren wrote:
> Hi ES-lovers,
> I have co-authored a JSON canonicalization scheme, recently published as an RFC: https://www.rfc-editor.org/rfc/rfc8785.html
> The work started with ES V6 as foundation since it made things really easy.
> Serialization of quoted strings where taken "as is" from:
> However, to my dismay it seems that this has changed in more recent ES editions:
> That is, in V6 a smiley was serialized as any other UTF code point.
> In V10 a smiley is (AFAICT...) supposed to be serialized like \ud83d\ude00 which of course breaks canonicalization :(
> Q: What was the motivation for this change?
> Q: How come Chrome, Edge, and Firefox do not honor this update?
> Verification: https://cyberphone.github.io/doc/security/browser-json-canonicalization.html
> Q: Does any other JSON serializer actually do this kind of transformation?
More information about the es-discuss