Last Comment Bug 512442 - JSON.parse accepts octal-syntax numbers as input
: JSON.parse accepts octal-syntax numbers as input
Status: RESOLVED FIXED
:
Product: Core
Classification: Components
Component: JavaScript Engine (show other bugs)
: unspecified
: All All
: -- normal (vote)
: ---
Assigned To: Saint Wesonga
:
:
Mentors:
http://trac.webkit.org/export/47743/t...
Depends on: 564621 577060
Blocks:
  Show dependency treegraph
 
Reported: 2009-08-25 05:41 PDT by Oliver Hunt
Modified: 2011-05-27 22:53 PDT (History)
6 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments

Description Oliver Hunt 2009-08-25 05:41:15 PDT
User-Agent:       Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6; en-us) AppleWebKit/531.5 (KHTML, like Gecko) Version/4.0.3 Safari/531.7
Build Identifier: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.3a1pre) Gecko/20090824 Minefield/3.7a1pre

JSON.parse is accepting octal values, extra commas on the end of object notation, and new lines in strings all of which breaks the JSON.org spec, and that of ES5

Reproducible: Always

Steps to Reproduce:
1. Search for "FAIL" in the page at http://trac.webkit.org/export/47743/trunk/LayoutTests/fast/js/JSON-parse.html
Actual Results:  
You can find multiple failures

Expected Results:  
lots of green :D

The issue is that the JSON parser is being too lenient, just a few edge cases need to be tightened up
Comment 1 Oliver Hunt 2009-08-25 05:41:56 PDT
CC'ing brendan because i can never recall who works on JSON here :D
Comment 2 Brendan Eich [:brendan] 2009-08-25 09:47:11 PDT
You remember sayrer -- or you would if you came to Ecma TC39 meetings :-P.

/be
Comment 3 Saint Wesonga 2010-06-13 15:19:36 PDT
Is this something that we want to fix? Section 4 of RFC 4627 allows this tolerance as pointed out by the comment at http://mxr.mozilla.org/mozilla-central/source/dom/src/json/test/unit/test_decode.js#163
Comment 4 Jeff Walden [:Waldo] (remove +bmo to email) 2010-06-14 13:05:40 PDT
The RFC may tolerate this, but ES5 does not, and we implement the latter, not the former (except incidentally).
Comment 5 Saint Wesonga 2010-07-05 23:08:49 PDT
From the test URLs:

1. The test with this line is wrong:  return jsonObject.parse("\"a\tz\"");

We correctly throw an exception here (see bug 554079) - as does Chrome, but the test expects otherwise.

2. As for the test with the line:   return jsonObject.parse('[1,]');

We do not throw (and therefore pass the test). Chrome throws "SyntaxError: Unexpected token" and fails the test. Need to determine the right behavior for this.
Comment 6 Oliver Hunt 2010-07-06 09:58:46 PDT
(In reply to comment #5)
> From the test URLs:
> 
> 1. The test with this line is wrong:  return jsonObject.parse("\"a\tz\"");
> 
> We correctly throw an exception here (see bug 554079) - as does Chrome, but the
> test expects otherwise.

This exception needs to be thrown according to es5 now, so that is a test error

> 
> 2. As for the test with the line:   return jsonObject.parse('[1,]');
> 
> We do not throw (and therefore pass the test). Chrome throws "SyntaxError:
> Unexpected token" and fails the test. Need to determine the right behavior for
> this.

JSON doesn't allow additional commas in array or object literals.
Comment 7 Jeff Walden [:Waldo] (remove +bmo to email) 2011-03-17 19:01:11 PDT
At least after all the patches in my tree, the only parts of this bug that matter any more are the already-filed bug 572279 and accepting octal numbers.  So I'm going to repurpose this bug to deal with octals specifically as it's the only remaining issue without a bug.
Comment 8 Jeff Walden [:Waldo] (remove +bmo to email) 2011-05-27 22:53:05 PDT
Fixed by the parser rewrite in bug 589664.

Note You need to log in before you can comment on or make changes to this bug.