ruby.git/ext/json/generator, branch v3_3_11 The Ruby Programming Language Merge JSON 2.7.2 for Ruby 3.3 (#11541) 2024-09-04T15:47:06+00:00 Hiroshi SHIBATA hsbt@ruby-lang.org 2024-09-04T15:47:06+00:00 4eb51dfc9e67683a1a03fdf302d5ddd95cad716a Merge JSON 2.7.2 
Merge JSON 2.7.2
 Manually merged from flori/json 2023-12-01T07:47:06+00:00 Hiroshi SHIBATA hsbt@ruby-lang.org 2023-12-01T06:51:26+00:00 86045fca24be94db7a9cbf7a9126e43c212dcc55 > https://github.com/flori/json/pull/525 > Rename escape_slash in script_safe and also escape E+2028 and E+2029 Co-authored-by: Jean Boussier <jean.boussier@gmail.com> > https://github.com/flori/json/pull/454 > Remove unnecessary initialization of create_id in JSON.parse() Co-authored-by: Watson <watson1978@gmail.com> 
  > https://github.com/flori/json/pull/525
  > Rename escape_slash in script_safe and also escape E+2028 and E+2029

  Co-authored-by: Jean Boussier <jean.boussier@gmail.com>

  > https://github.com/flori/json/pull/454
  > Remove unnecessary initialization of create_id in JSON.parse()

  Co-authored-by: Watson <watson1978@gmail.com>
Rename escape_slash in script_safe and also escape E+2028 and E+2029 2023-12-01T07:47:06+00:00 Jean Boussier jean.boussier@gmail.com 2023-04-13T17:22:29+00:00 0dfeb172968cdaefca2ab828c94d3e5f44d91f8f It is rather common to directly interpolate JSON string inside <script> tags in HTML as to provide configuration or parameters to a script. However this may lead to XSS vulnerabilities, to prevent that 3 characters need to be escaped: - `/` (forward slash) - `U+2028` (LINE SEPARATOR) - `U+2029` (PARAGRAPH SEPARATOR) The forward slash need to be escaped to prevent closing the script tag early, and the other two are valid JSON but invalid Javascript and can be used to break JS parsing. Given that the intent of escaping forward slash is the same than escaping U+2028 and U+2029, I chos to rename and repurpose the existing `escape_slash` option. 
It is rather common to directly interpolate JSON string inside
<script> tags in HTML as to provide configuration or parameters to a
script.

However this may lead to XSS vulnerabilities, to prevent that 3
characters need to be escaped:

  - `/` (forward slash)
  - `U+2028` (LINE SEPARATOR)
  - `U+2029` (PARAGRAPH SEPARATOR)

The forward slash need to be escaped to prevent closing the script
tag early, and the other two are valid JSON but invalid Javascript
and can be used to break JS parsing.

Given that the intent of escaping forward slash is the same than escaping
U+2028 and U+2029, I chos to rename and repurpose the existing `escape_slash`
option.
[flori/json] Call `super` in `included` hook 2023-05-24T00:37:30+00:00 Ufuk Kayserilioglu ufuk.kayserilioglu@shopify.com 2021-10-25T12:48:18+00:00 12dfd9d1c980d17d8a0ea10bccb9cd7eca21b568 The C extension defines an `included` hook for the `JSON::Ext::Generator::GeneratorMethods::String` module but neglects to call `super` in the hook. This can break the functionality of various other code that rely on the fact that `included` on `Module` will always be called. https://github.com/flori/json/commit/cd8bbe56a3 
The C extension defines an `included` hook for the
`JSON::Ext::Generator::GeneratorMethods::String` module but neglects to
call `super` in the hook. This can break the functionality of various
other code that rely on the fact that `included` on `Module` will always
be called.

https://github.com/flori/json/commit/cd8bbe56a3
Update the depend files 2023-02-28T17:09:00+00:00 Matt Valentine-House matt@eightbitraptor.com 2023-02-13T14:51:45+00:00 5e4b80177ef7e6abbe90849037b688c004568170 






Remove intern/gc.h from Make deps
2023-02-27T18:11:56+00:00

Matt Valentine-House
matt@eightbitraptor.com

2023-02-16T22:37:59+00:00

f38c6552f9f27169fbf4c0f3c25d34b8c2c28c9b












Extract include/ruby/internal/attr/packed_struct.h
2023-02-08T03:34:13+00:00

Nobuyoshi Nakada
nobu@ruby-lang.org

2023-02-06T11:50:06+00:00

899ea35035c5bfb78fcdbc9fbfaafba24aee49c1

Split `PACKED_STRUCT` and `PACKED_STRUCT_UNALIGNED` macros into the
macros bellow:
* `RBIMPL_ATTR_PACKED_STRUCT_BEGIN`
* `RBIMPL_ATTR_PACKED_STRUCT_END`
* `RBIMPL_ATTR_PACKED_STRUCT_UNALIGNED_BEGIN`
* `RBIMPL_ATTR_PACKED_STRUCT_UNALIGNED_END`





Split `PACKED_STRUCT` and `PACKED_STRUCT_UNALIGNED` macros into the
macros bellow:
* `RBIMPL_ATTR_PACKED_STRUCT_BEGIN`
* `RBIMPL_ATTR_PACKED_STRUCT_END`
* `RBIMPL_ATTR_PACKED_STRUCT_UNALIGNED_BEGIN`
* `RBIMPL_ATTR_PACKED_STRUCT_UNALIGNED_END`







[flori/json] Stop including the parser source __LINE__ in exceptions
2022-07-29T10:10:10+00:00

Jean Boussier
jean.boussier@gmail.com

2021-05-20T10:40:04+00:00

66b52f046f3e4c5d24781a142f9633e07c42d6d9

It makes testing for JSON errors very tedious. You either have
to use a Regexp or to regularly update all your assertions
when JSON is upgraded.

https://github.com/flori/json/commit/de9eb1d28e





It makes testing for JSON errors very tedious. You either have
to use a Regexp or to regularly update all your assertions
when JSON is upgraded.

https://github.com/flori/json/commit/de9eb1d28e







[Feature #18249] Update dependencies
2022-02-22T14:55:21+00:00

Peter Zhu
peter@peterzhu.ca

2022-02-18T16:06:13+00:00

2d5ecd60a5827d95449b9bd8704a0df2ffb0a60a












Update dependencies
2021-11-21T07:21:18+00:00

Nobuyoshi Nakada
nobu@ruby-lang.org

2021-11-21T05:44:44+00:00

ac152b3cac0be45d2a17d89610cbc15be873786f