Oliver Hunt wrote:
> The
> specified behaviour of the abstract operation Quote in section 15.12.3
> states that only characters with a unicode number less than or equal to
> 0x1f should be escaped. My testing found that json2.js escapes a number
> of other ranges of characters in unicode:
> 0x0000-0x001f
> 0x007f-0x009f
> 0x00ad
> 0x0600-0x0604
> 0x070f
> 0x17bf
> 0x17b5
> 0x200c-0x200f
> 0x2028-0x202f
> 0x2060-0x206f
> 0xfeff
> 0xfff0-0xffff
>
> Should json2.js be considered right in this behaviour?
There is a problem in E3 and its implementations where some characters can be
deleted. This can cause
"\?"
to be replaced with
"\"
during JSON2's eval phase, which could allow evil script injection.
This is not a problem for ES5's JSON.parse.
_______________________________________________
es-discuss mailing list
[email protected]
https://mail.mozilla.org/listinfo/es-discuss
