ruby.git/ext/json/generator/generator.c, branch v3_3_11 The Ruby Programming Language Merge JSON 2.7.2 for Ruby 3.3 (#11541) 2024-09-04T15:47:06+00:00 Hiroshi SHIBATA hsbt@ruby-lang.org 2024-09-04T15:47:06+00:00 4eb51dfc9e67683a1a03fdf302d5ddd95cad716a Merge JSON 2.7.2 
Merge JSON 2.7.2
 Manually merged from flori/json 2023-12-01T07:47:06+00:00 Hiroshi SHIBATA hsbt@ruby-lang.org 2023-12-01T06:51:26+00:00 86045fca24be94db7a9cbf7a9126e43c212dcc55 > https://github.com/flori/json/pull/525 > Rename escape_slash in script_safe and also escape E+2028 and E+2029 Co-authored-by: Jean Boussier <jean.boussier@gmail.com> > https://github.com/flori/json/pull/454 > Remove unnecessary initialization of create_id in JSON.parse() Co-authored-by: Watson <watson1978@gmail.com> 
  > https://github.com/flori/json/pull/525
  > Rename escape_slash in script_safe and also escape E+2028 and E+2029

  Co-authored-by: Jean Boussier <jean.boussier@gmail.com>

  > https://github.com/flori/json/pull/454
  > Remove unnecessary initialization of create_id in JSON.parse()

  Co-authored-by: Watson <watson1978@gmail.com>
Rename escape_slash in script_safe and also escape E+2028 and E+2029 2023-12-01T07:47:06+00:00 Jean Boussier jean.boussier@gmail.com 2023-04-13T17:22:29+00:00 0dfeb172968cdaefca2ab828c94d3e5f44d91f8f It is rather common to directly interpolate JSON string inside <script> tags in HTML as to provide configuration or parameters to a script. However this may lead to XSS vulnerabilities, to prevent that 3 characters need to be escaped: - `/` (forward slash) - `U+2028` (LINE SEPARATOR) - `U+2029` (PARAGRAPH SEPARATOR) The forward slash need to be escaped to prevent closing the script tag early, and the other two are valid JSON but invalid Javascript and can be used to break JS parsing. Given that the intent of escaping forward slash is the same than escaping U+2028 and U+2029, I chos to rename and repurpose the existing `escape_slash` option. 
It is rather common to directly interpolate JSON string inside
<script> tags in HTML as to provide configuration or parameters to a
script.

However this may lead to XSS vulnerabilities, to prevent that 3
characters need to be escaped:

  - `/` (forward slash)
  - `U+2028` (LINE SEPARATOR)
  - `U+2029` (PARAGRAPH SEPARATOR)

The forward slash need to be escaped to prevent closing the script
tag early, and the other two are valid JSON but invalid Javascript
and can be used to break JS parsing.

Given that the intent of escaping forward slash is the same than escaping
U+2028 and U+2029, I chos to rename and repurpose the existing `escape_slash`
option.
[flori/json] Call `super` in `included` hook 2023-05-24T00:37:30+00:00 Ufuk Kayserilioglu ufuk.kayserilioglu@shopify.com 2021-10-25T12:48:18+00:00 12dfd9d1c980d17d8a0ea10bccb9cd7eca21b568 The C extension defines an `included` hook for the `JSON::Ext::Generator::GeneratorMethods::String` module but neglects to call `super` in the hook. This can break the functionality of various other code that rely on the fact that `included` on `Module` will always be called. https://github.com/flori/json/commit/cd8bbe56a3 
The C extension defines an `included` hook for the
`JSON::Ext::Generator::GeneratorMethods::String` module but neglects to
call `super` in the hook. This can break the functionality of various
other code that rely on the fact that `included` on `Module` will always
be called.

https://github.com/flori/json/commit/cd8bbe56a3
[flori/json] Stop including the parser source __LINE__ in exceptions 2022-07-29T10:10:10+00:00 Jean Boussier jean.boussier@gmail.com 2021-05-20T10:40:04+00:00 66b52f046f3e4c5d24781a142f9633e07c42d6d9 It makes testing for JSON errors very tedious. You either have to use a Regexp or to regularly update all your assertions when JSON is upgraded. https://github.com/flori/json/commit/de9eb1d28e 
It makes testing for JSON errors very tedious. You either have
to use a Regexp or to regularly update all your assertions
when JSON is upgraded.

https://github.com/flori/json/commit/de9eb1d28e
Fix GC compatibility: Don't stash encodings in global constants 2021-02-01T20:20:34+00:00 Aaron Patterson tenderlove@ruby-lang.org 2021-02-01T19:10:22+00:00 8ef30bcc047341b2b7e6ec9b545dda975cdd4ab2 This value should either be pinned, or looked up when needed at runtime. Without pinning, the GC may move the encoding object, and that could cause a crash. In this case it is easier to find the value at runtime, and there is no performance penalty (as Ruby caches encoding indexes). We can shorten the code, be compaction friendly, and incur no performance penalty. 
This value should either be pinned, or looked up when needed at runtime.
Without pinning, the GC may move the encoding object, and that could
cause a crash.

In this case it is easier to find the value at runtime, and there is no
performance penalty (as Ruby caches encoding indexes).  We can shorten
the code, be compaction friendly, and incur no performance penalty.
[json] Make json Ractor safe 2020-12-21T13:10:43+00:00 Kenta Murata mrkn@mrkn.jp 2020-12-21T06:57:42+00:00 14d7d1df25bbefadfc385042d541b4afc31e4c1b 






[json] Stop using prototype objects
2020-12-21T13:10:33+00:00

Kenta Murata
mrkn@mrkn.jp

2020-12-20T03:17:32+00:00

98cc15ed1e9193e17fad6b87cccf8f8b5ade7801












Add an option to escape forward slash character
2020-09-25T08:28:42+00:00

Jean Boussier
jean.boussier@gmail.com

2020-01-30T11:48:05+00:00

e1659af3724e2320e9f2f2bd7cf602686e8aa523

Squashed commit of the following:

commit 26d181059989279a79c433cedcd893b4f52e42ee
Author: Francois Chagnon <francois.chagnon@jadedpixel.com>
Date:   Tue Sep 15 21:17:34 2015 +0000

    add config options for escape_slash

commit fa282334051b16df91ca097dd7304b46f3bc7719
Author: Francois Chagnon <francois.chagnon@jadedpixel.com>
Date:   Mon Feb 9 21:09:33 2015 +0000

    add forward slash to escape character





Squashed commit of the following:

commit 26d181059989279a79c433cedcd893b4f52e42ee
Author: Francois Chagnon <francois.chagnon@jadedpixel.com>
Date:   Tue Sep 15 21:17:34 2015 +0000

    add config options for escape_slash

commit fa282334051b16df91ca097dd7304b46f3bc7719
Author: Francois Chagnon <francois.chagnon@jadedpixel.com>
Date:   Mon Feb 9 21:09:33 2015 +0000

    add forward slash to escape character







[flori/json] Typo fix
2020-07-01T09:47:51+00:00

Marc-Andre Lafortune
github@marc-andre.ca

2020-06-30T04:28:23+00:00

26041da2fbca4cfeffaee13b66f90310d5d72e18

https://github.com/flori/json/commit/26c1769969





https://github.com/flori/json/commit/26c1769969