Hi All,
A number of JS tools including Node.js, Chrome, Firefox, and Safari nowadays support the
more advanced version of "Number" serialization defined by ECMA in section
7.1.12.1 including NOTE 2 in https://www.ecma-international.org/ecma-262/6.0/ECMA-262.pdf
Nashorn as featured in OpenJDK version "1.8.0_151" does not appear following
this specification leading to subtle interoperability problems:
jjs> JSON.parse('{"v":5e-324}').v
4.9e-324
Chrome:
JSON.parse('{"v":5e-324}').v
5e-324
Why would that ever lead to an interoperability problem you might [rightfully]
wonder?
Well, there a tentative IETF effort establishing a digital signature standard for JSON
objects that works with clear text messages. This among many things requires that data
types have a "normalized" form. ECMA has essentially done that which together
with creation ordering of properties (modulo properties with names expressed as integers)
makes the rest pretty simple.
Related: https://bugs.openjdk.java.net/browse/JDK-8149075
Cheers,
Anders Rundgren
https://cyberphone.github.io/doc/security/jose-jcs.html#Normalization_and_Signature_Validation
