JSON.parse should allow only numbers conforming to NFA spec at json.org

RESOLVED FIXED

Status

()

Core
JavaScript Engine
RESOLVED FIXED
7 years ago
3 years ago

People

(Reporter: Saint Wesonga, Assigned: Saint Wesonga)

Tracking

Trunk
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment, 1 obsolete attachment)

10.31 KB, patch
Details | Diff | Splinter Review
(Assignee)

Description

7 years ago
Only { x | abs(x) < 1 } can have a leading 0
At most 1 leading zero is allowed
there MUST be at least one digit after the decimal point
ONLY a digit or a minus sign can start a number
(Assignee)

Updated

7 years ago
Blocks: 512442
(Assignee)

Comment 1

7 years ago
Created attachment 456142 [details] [diff] [review]
WIP
Assignee: general → wesongathedeveloper
Status: NEW → ASSIGNED
(Assignee)

Comment 2

7 years ago
Created attachment 457224 [details] [diff] [review]
Patch
Attachment #456142 - Attachment is obsolete: true
Attachment #457224 - Flags: review?(sayrer)

Comment 3

7 years ago
I will test perf on this before reviewing.
The JSONParserState additions aren't commented, according with the current entries.  That's changing in bug 564621, whose patch is finished but which can't land quite yet for yak-shaving reasons.  However, the JSONParserState documentation can be split out of it, so I'm going to do that now so you can make additions here without having them either undocumented or anomalously documented.  The rest of those changes should (fingers crossed) have minimal intersection with the patch here.
Pushed those docs changes, so you should be able to update the patch with docs for the JSONParserState changes now:

http://hg.mozilla.org/tracemonkey/rev/db4607b00594

You may fire when ready, Gridley.
The parser rewrite fixes this.  (And sigh, yet another patch that got left dangling.  :-( )
Depends on: 589664
Fixed by the parser rewrite in bug 589664.
Status: ASSIGNED → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
For the record, rejecting leading zeroes broke someone's intranet application.  Worth knowing, perhaps, although I don't think we should do anything about it (nor should we have done differently at the time if we'd known):

http://whereswalden.com/2011/06/06/i-feel-the-need-the-need-for-json-parsing-correctness-and-speed/#comment-153900

They targeted Firefox 3 and 4 only, hence why no other browser complained to make them fix.

Updated

6 years ago
Attachment #457224 - Flags: review?(sayrer)
You need to log in before you can comment on or make changes to this bug.