ruby.git/ext/json/generator/generator.h, branch v3_3_11 The Ruby Programming Language Manually merged from flori/json 2023-12-01T07:47:06+00:00 Hiroshi SHIBATA hsbt@ruby-lang.org 2023-12-01T06:51:26+00:00 86045fca24be94db7a9cbf7a9126e43c212dcc55 > https://github.com/flori/json/pull/525 > Rename escape_slash in script_safe and also escape E+2028 and E+2029 Co-authored-by: Jean Boussier <jean.boussier@gmail.com> > https://github.com/flori/json/pull/454 > Remove unnecessary initialization of create_id in JSON.parse() Co-authored-by: Watson <watson1978@gmail.com> 
  > https://github.com/flori/json/pull/525
  > Rename escape_slash in script_safe and also escape E+2028 and E+2029

  Co-authored-by: Jean Boussier <jean.boussier@gmail.com>

  > https://github.com/flori/json/pull/454
  > Remove unnecessary initialization of create_id in JSON.parse()

  Co-authored-by: Watson <watson1978@gmail.com>
Rename escape_slash in script_safe and also escape E+2028 and E+2029 2023-12-01T07:47:06+00:00 Jean Boussier jean.boussier@gmail.com 2023-04-13T17:22:29+00:00 0dfeb172968cdaefca2ab828c94d3e5f44d91f8f It is rather common to directly interpolate JSON string inside <script> tags in HTML as to provide configuration or parameters to a script. However this may lead to XSS vulnerabilities, to prevent that 3 characters need to be escaped: - `/` (forward slash) - `U+2028` (LINE SEPARATOR) - `U+2029` (PARAGRAPH SEPARATOR) The forward slash need to be escaped to prevent closing the script tag early, and the other two are valid JSON but invalid Javascript and can be used to break JS parsing. Given that the intent of escaping forward slash is the same than escaping U+2028 and U+2029, I chos to rename and repurpose the existing `escape_slash` option. 
It is rather common to directly interpolate JSON string inside
<script> tags in HTML as to provide configuration or parameters to a
script.

However this may lead to XSS vulnerabilities, to prevent that 3
characters need to be escaped:

  - `/` (forward slash)
  - `U+2028` (LINE SEPARATOR)
  - `U+2029` (PARAGRAPH SEPARATOR)

The forward slash need to be escaped to prevent closing the script
tag early, and the other two are valid JSON but invalid Javascript
and can be used to break JS parsing.

Given that the intent of escaping forward slash is the same than escaping
U+2028 and U+2029, I chos to rename and repurpose the existing `escape_slash`
option.
Add an option to escape forward slash character 2020-09-25T08:28:42+00:00 Jean Boussier jean.boussier@gmail.com 2020-01-30T11:48:05+00:00 e1659af3724e2320e9f2f2bd7cf602686e8aa523 Squashed commit of the following: commit 26d181059989279a79c433cedcd893b4f52e42ee Author: Francois Chagnon <francois.chagnon@jadedpixel.com> Date: Tue Sep 15 21:17:34 2015 +0000 add config options for escape_slash commit fa282334051b16df91ca097dd7304b46f3bc7719 Author: Francois Chagnon <francois.chagnon@jadedpixel.com> Date: Mon Feb 9 21:09:33 2015 +0000 add forward slash to escape character 
Squashed commit of the following:

commit 26d181059989279a79c433cedcd893b4f52e42ee
Author: Francois Chagnon <francois.chagnon@jadedpixel.com>
Date:   Tue Sep 15 21:17:34 2015 +0000

    add config options for escape_slash

commit fa282334051b16df91ca097dd7304b46f3bc7719
Author: Francois Chagnon <francois.chagnon@jadedpixel.com>
Date:   Mon Feb 9 21:09:33 2015 +0000

    add forward slash to escape character
Merge json-2.0.4. 2017-04-12T00:21:18+00:00 hsbt hsbt@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2017-04-12T00:21:18+00:00 83735ba29a0bfdaffa8e9c2a1dc025c3b0b63153 * https://github.com/flori/json/releases/tag/v2.0.4 * https://github.com/flori/json/blob/09fabeb03e73ed88dc8ce8f19d76ac59e51dae20/CHANGES.md#2017-03-23-204 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58323 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
  * https://github.com/flori/json/releases/tag/v2.0.4
  * https://github.com/flori/json/blob/09fabeb03e73ed88dc8ce8f19d76ac59e51dae20/CHANGES.md#2017-03-23-204

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58323 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/json/*, test/json/*: Update json-2.0.1. 2016-07-05T11:49:39+00:00 hsbt hsbt@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2016-07-05T11:49:39+00:00 11306587383f345d54752f262bee5f67adaae2f0 Changes of 2.0.0: https://github.com/flori/json/blob/f679ebd0c69a94e3e70a897ac9a229f5779c2ee1/CHANGES.md#2015-09-11-200 Changes of 2.0.1: https://github.com/flori/json/blob/f679ebd0c69a94e3e70a897ac9a229f5779c2ee1/CHANGES.md#2016-07-01-201 [Feature #12542][ruby-dev:49706][fix GH-1395] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55576 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
  Changes of 2.0.0: https://github.com/flori/json/blob/f679ebd0c69a94e3e70a897ac9a229f5779c2ee1/CHANGES.md#2015-09-11-200
  Changes of 2.0.1: https://github.com/flori/json/blob/f679ebd0c69a94e3e70a897ac9a229f5779c2ee1/CHANGES.md#2016-07-01-201
  [Feature #12542][ruby-dev:49706][fix GH-1395]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55576 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Integer unification macro 2016-06-13T11:34:56+00:00 nobu nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2016-06-13T11:34:56+00:00 c071c052292168592de091cdb4c22dc3fbfd1af1 * include/ruby/ruby.h (RUBY_INTEGER_UNIFICATION): macro to tell if Integer is integrated. [ruby-core:75718][Bug #12427] * include/ruby/backward.h, internal.h (rb_cFixnum, rb_cBignum): fallback to rb_cInteger. * bignum.c, numeric.c, ext/json/generator/generator.{c,h}: use the macro. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55394 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
* include/ruby/ruby.h (RUBY_INTEGER_UNIFICATION): macro to tell if
  Integer is integrated.  [ruby-core:75718][Bug #12427]
* include/ruby/backward.h, internal.h (rb_cFixnum, rb_cBignum):
  fallback to rb_cInteger.
* bignum.c, numeric.c, ext/json/generator/generator.{c,h}: use the
  macro.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55394 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
[Feature #12005] Unify Fixnum and Bignum into Integer 2016-05-17T06:53:48+00:00 akr akr@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2016-05-17T06:53:48+00:00 f9727c12cc8fbc5f752f5983be1f14bb976e5a13 * [Feature #12005] Unify Fixnum and Bignum into Integer * include/ruby/ruby.h (rb_class_of): Return rb_cInteger for fixnums. * insns.def (INTEGER_REDEFINED_OP_FLAG): Unified from FIXNUM_REDEFINED_OP_FLAG and BIGNUM_REDEFINED_OP_FLAG. * vm_core.h: Ditto. * vm_insnhelper.c (opt_eq_func): Use INTEGER_REDEFINED_OP_FLAG instead of FIXNUM_REDEFINED_OP_FLAG. * vm.c (vm_redefinition_check_flag): Use rb_cInteger instead of rb_cFixnum and rb_cBignum. (C): Use Integer instead of Fixnum and Bignum. * numeric.c (fix_succ): Removed. (Init_Numeric): Define Fixnum as Integer. * bignum.c (bignew): Use rb_cInteger instead of Rb_cBignum. (rb_int_coerce): replaced from rb_big_coerce and return fixnums as-is. (Init_Bignum): Define Bignum as Integer. Don't define ===. * error.c (builtin_class_name): Return "Integer" for fixnums. * sprintf.c (ruby__sfvextra): Use rb_cInteger instead of rb_cFixnum. * ext/-test-/testutil: New directory to test. Currently it provides utilities for fixnum and bignum. * ext/json/generator/generator.c: Define mInteger_to_json. * lib/mathn.rb (Fixnum#/): Redefinition removed. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55024 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
* [Feature #12005] Unify Fixnum and Bignum into Integer

* include/ruby/ruby.h (rb_class_of): Return rb_cInteger for fixnums.

* insns.def (INTEGER_REDEFINED_OP_FLAG): Unified from
  FIXNUM_REDEFINED_OP_FLAG and BIGNUM_REDEFINED_OP_FLAG.

* vm_core.h: Ditto.

* vm_insnhelper.c (opt_eq_func): Use INTEGER_REDEFINED_OP_FLAG instead
  of FIXNUM_REDEFINED_OP_FLAG.

* vm.c (vm_redefinition_check_flag): Use rb_cInteger instead of
  rb_cFixnum and rb_cBignum.
  (C): Use Integer instead of Fixnum and Bignum.

* numeric.c (fix_succ): Removed.
  (Init_Numeric): Define Fixnum as Integer.

* bignum.c (bignew): Use rb_cInteger instead of Rb_cBignum.
  (rb_int_coerce): replaced from rb_big_coerce and return fixnums
  as-is.
  (Init_Bignum): Define Bignum as Integer.
  Don't define ===.

* error.c (builtin_class_name): Return "Integer" for fixnums.

* sprintf.c (ruby__sfvextra): Use rb_cInteger instead of rb_cFixnum.

* ext/-test-/testutil: New directory to test.
  Currently it provides utilities for fixnum and bignum.

* ext/json/generator/generator.c: Define mInteger_to_json.

* lib/mathn.rb (Fixnum#/): Redefinition removed.



git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55024 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
generator.c: allocate structs with wrapper 2015-05-28T07:17:55+00:00 nobu nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2015-05-28T07:17:55+00:00 4d059bf9f5f10f3d3088de49fc87e5555db7770d * ext/json/generator/generator.c (cState_s_allocate): allocate structs with making new wrapper objects and get rid of potential memory leak. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@50661 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
* ext/json/generator/generator.c (cState_s_allocate): allocate
  structs with making new wrapper objects and get rid of potential
  memory leak.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@50661 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/json/*, test/json/*: Reverted r50231. Because it's not works with 2015-04-12T08:36:37+00:00 hsbt hsbt@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2015-04-12T08:36:37+00:00 2e4f0af00f85ca228bcf5fa919882359411c652a cross-compile environment. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@50267 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
  cross-compile environment.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@50267 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/json/*, test/json/*, defs/default_gems: Gemify JSON library. 2015-04-11T11:14:36+00:00 hsbt hsbt@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2015-04-11T11:14:36+00:00 cfaddc2a3248dd0ce4a370fdbab44ca88adf5722 [fix GH-867][Feature #11057] * test/ruby/test_extlibs.rb: removed json gem from existence extentions. * gems/bundled_gems: added json gem into bundled gem. * lib/rdoc/rubygems_hook.rb: ignored no json environment. * lib/rubygems/test_case.rb, test/rubygems/*: ditto. * lib/rdoc/test_case.rb, test/rdoc/*: ditto. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@50231 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
  [fix GH-867][Feature #11057]
* test/ruby/test_extlibs.rb: removed json gem from existence extentions.
* gems/bundled_gems: added json gem into bundled gem.
* lib/rdoc/rubygems_hook.rb: ignored no json environment.
* lib/rubygems/test_case.rb, test/rubygems/*: ditto.
* lib/rdoc/test_case.rb, test/rdoc/*: ditto.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@50231 b2dd03c8-39d4-4d8f-98ff-823fe69b080e