JSON.parse accepts octal-syntax numbers as input

RESOLVED FIXED

Status

()

Core
JavaScript Engine
RESOLVED FIXED
8 years ago
6 years ago

People

(Reporter: Oliver Hunt, Assigned: Saint Wesonga)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

8 years ago
User-Agent:       Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6; en-us) AppleWebKit/531.5 (KHTML, like Gecko) Version/4.0.3 Safari/531.7
Build Identifier: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.3a1pre) Gecko/20090824 Minefield/3.7a1pre

JSON.parse is accepting octal values, extra commas on the end of object notation, and new lines in strings all of which breaks the JSON.org spec, and that of ES5

Reproducible: Always

Steps to Reproduce:
1. Search for "FAIL" in the page at http://trac.webkit.org/export/47743/trunk/LayoutTests/fast/js/JSON-parse.html
Actual Results:  
You can find multiple failures

Expected Results:  
lots of green :D

The issue is that the JSON parser is being too lenient, just a few edge cases need to be tightened up
(Reporter)

Comment 1

8 years ago
CC'ing brendan because i can never recall who works on JSON here :D
You remember sayrer -- or you would if you came to Ecma TC39 meetings :-P.

/be
Status: UNCONFIRMED → NEW
Ever confirmed: true
(Assignee)

Updated

8 years ago
Assignee: general → wesongathedeveloper
(Assignee)

Comment 3

7 years ago
Is this something that we want to fix? Section 4 of RFC 4627 allows this tolerance as pointed out by the comment at http://mxr.mozilla.org/mozilla-central/source/dom/src/json/test/unit/test_decode.js#163
The RFC may tolerate this, but ES5 does not, and we implement the latter, not the former (except incidentally).
(Assignee)

Updated

7 years ago
Depends on: 577060
(Assignee)

Comment 5

7 years ago
From the test URLs:

1. The test with this line is wrong:  return jsonObject.parse("\"a\tz\"");

We correctly throw an exception here (see bug 554079) - as does Chrome, but the test expects otherwise.

2. As for the test with the line:   return jsonObject.parse('[1,]');

We do not throw (and therefore pass the test). Chrome throws "SyntaxError: Unexpected token" and fails the test. Need to determine the right behavior for this.
(Assignee)

Updated

7 years ago
Status: NEW → ASSIGNED
(Reporter)

Comment 6

7 years ago
(In reply to comment #5)
> From the test URLs:
> 
> 1. The test with this line is wrong:  return jsonObject.parse("\"a\tz\"");
> 
> We correctly throw an exception here (see bug 554079) - as does Chrome, but the
> test expects otherwise.

This exception needs to be thrown according to es5 now, so that is a test error

> 
> 2. As for the test with the line:   return jsonObject.parse('[1,]');
> 
> We do not throw (and therefore pass the test). Chrome throws "SyntaxError:
> Unexpected token" and fails the test. Need to determine the right behavior for
> this.

JSON doesn't allow additional commas in array or object literals.
(Assignee)

Updated

7 years ago
Depends on: 564621
At least after all the patches in my tree, the only parts of this bug that matter any more are the already-filed bug 572279 and accepting octal numbers.  So I'm going to repurpose this bug to deal with octals specifically as it's the only remaining issue without a bug.
Summary: JSON.parse is too lenient → JSON.parse accepts octal-syntax numbers as input
Fixed by the parser rewrite in bug 589664.
Status: ASSIGNED → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.