Edit report at https://bugs.php.net/bug.php?id=65082&edit=1
ID:                 65082
User updated by:    masakielastic at gmail dot com
Reported by:        masakielastic at gmail dot com
Summary:            json_encode's option for replacing ill-formed byte sequences with substitute cha
Status:             Assigned
Type:               Feature/Change Request
Package:            JSON related
Operating System:   All
PHP Version:        5.5.0
Assigned To:        remi
Block user comment: N
Private report:     N

New Comment:

As for JSON_NOTUTF8_IGNORE, the description for security is needed in the manual like htmlspecialchars's ENT_IGNORE

http://www.php.net/manual/en/function.htmlspecialchars.php

That's why I didn't suggest JSON_IGNORE in the draft and showed Escaping RFC's link as resource.

UNICODE SECURITY CONSIDERATIONS
http://www.unicode.org/reports/tr36/#Deletion_of_Noncharacters

IDS11-J. Eliminate noncharacter code points before validation
https://www.securecoding.cert.org/confluence/display/java/IDS11-J.+Eliminate+noncharacter+code+points+before+validation

Previous Comments:
------------------------------------------------------------------------
[2013-07-14 12:31:29] masakielastic at gmail dot com

Hi, nikic, sorry, ignore my last comment. I added a small change in json.c

https://gist.github.com/masakielastic/5973095#file-02-small_refactaring-patch

------------------------------------------------------------------------
[2013-07-14 08:48:01] masakielastic at gmail dot com

I nominate other names from the view of consistency with JSON_ERROR_UTF8.

JSON_UTF8_SUBSTITUTE
JSON_UTF8_IGNORE

------------------------------------------------------------------------
[2013-07-14 08:44:02] masakielastic at gmail dot com

Hi, nikic, I posted a document request for the mission option and error codes.

https://bugs.php.net/bug.php?id=65259

Your opinion about the consistency among JSON_PARTIAL_OUTPUT_ON_ERROR and JSON_NOTUTF8_SUBSTITUTE and JSON_NOTUTF8_IGNORE is needed.

------------------------------------------------------------------------
[2013-07-14 08:28:53] masakielastic at gmail dot com

I created a new feature request for preventing XSS attack and I withdraw my option about the change of default behavior.

new function for preventing XSS attack
https://bugs.php.net/bug.php?id=65257

------------------------------------------------------------------------
[2013-07-12 18:19:09] masakielastic at gmail dot com

I posted a patch for handling surrogate pairs since the range (U+D800 - U+DFFF) is not allowed in UTF-8 (RFC 3629). Someone's help is needed for handling high surrogate pairs and the options.

https://gist.github.com/masakielastic/5985383

json_decode produces invalid byte-sequences
https://bugs.php.net/bug.php?id=62010

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at

https://bugs.php.net/bug.php?id=65082

--
Edit this bug report at https://bugs.php.net/bug.php?id=65082&edit=1
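
Added example, not part of the bug report or of PHP's own source: it illustrates the security concern raised above about an "ignore" mode by comparing deletion with substitution of an ill-formed byte. It assumes PHP 7.2 or later and uses the `JSON_INVALID_UTF8_IGNORE` and `JSON_INVALID_UTF8_SUBSTITUTE` flags available there rather than the names proposed in this thread; the input string and the `contains_blocked_tag()` check are constructed for illustration.

```php
<?php
// Requires PHP >= 7.2 for the JSON_INVALID_UTF8_* flags (not the names proposed in this thread).

// Constructed input: 0xC0 is never valid in UTF-8, so this string is ill-formed.
$input = "<scr\xC0ipt>";

// Hypothetical validation step that runs on the raw input, before encoding.
function contains_blocked_tag(string $s): bool
{
    return stripos($s, '<script') !== false;
}

$modes = [
    'default'    => 0,
    'ignore'     => JSON_INVALID_UTF8_IGNORE,
    'substitute' => JSON_INVALID_UTF8_SUBSTITUTE,
];

printf("raw input blocked: %s\n", var_export(contains_blocked_tag($input), true));

foreach ($modes as $name => $flags) {
    $json = json_encode($input, $flags);
    if ($json === false) {
        // Default behaviour: refuse ill-formed input outright.
        printf("%-10s encode failed: %s\n", $name, json_last_error_msg());
        continue;
    }
    // Re-run the same check on what a consumer of the JSON would actually see.
    $decoded = json_decode($json);
    printf(
        "%-10s json=%s blocked after decode: %s\n",
        $name,
        $json,
        var_export(contains_blocked_tag($decoded), true)
    );
}
```

Deletion rejoins the text on either side of the dropped byte, so a check made on the raw input no longer describes the encoded output, while substitution leaves a U+FFFD marker where the byte was. Validation therefore belongs after the lossy step, or the substitute mode should be preferred over ignore.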