ruby.git/ext/json/lib/json.rb, branch v3_3_11

ruby.git/ext/json/lib/json.rb, branch v3_3_11 The Ruby Programming Language Rename escape_slash in script_safe and also escape E+2028 and E+2029 2023-12-01T07:47:06+00:00 Jean Boussier jean.boussier@gmail.com 2023-04-13T17:22:29+00:00 0dfeb172968cdaefca2ab828c94d3e5f44d91f8f It is rather common to directly interpolate JSON string inside <script> tags in HTML as to provide configuration or parameters to a script. However this may lead to XSS vulnerabilities, to prevent that 3 characters need to be escaped: - `/` (forward slash) - `U+2028` (LINE SEPARATOR) - `U+2029` (PARAGRAPH SEPARATOR) The forward slash need to be escaped to prevent closing the script tag early, and the other two are valid JSON but invalid Javascript and can be used to break JS parsing. Given that the intent of escaping forward slash is the same than escaping U+2028 and U+2029, I chos to rename and repurpose the existing `escape_slash` option.

It is rather common to directly interpolate JSON string inside
<script> tags in HTML as to provide configuration or parameters to a
script.

However this may lead to XSS vulnerabilities, to prevent that 3
characters need to be escaped:

  - `/` (forward slash)
  - `U+2028` (LINE SEPARATOR)
  - `U+2029` (PARAGRAPH SEPARATOR)

The forward slash need to be escaped to prevent closing the script
tag early, and the other two are valid JSON but invalid Javascript
and can be used to break JS parsing.

Given that the intent of escaping forward slash is the same than escaping
U+2028 and U+2029, I chos to rename and repurpose the existing `escape_slash`
option.

[flori/json] Fix incorrect `#` position in API doc 2021-05-17T10:26:03+00:00 Masafumi Koba 473530+ybiquitous@users.noreply.github.com 2020-12-23T02:20:13+00:00 8a974dc83cd2c8a8befb0b612b4f18c3f6f55370 This change fixes an incorrect `#` position in the API documentation of the `JSON` module. https://github.com/flori/json/commit/dc4b62424f

This change fixes an incorrect `#` position in the API documentation of the `JSON` module.

https://github.com/flori/json/commit/dc4b62424f

[flori/json] RDoc example for JSON.load 2020-09-25T08:28:42+00:00 BurdetteLamar burdettelamar@yahoo.com 2020-07-04T14:21:12+00:00 8c057bb845d57d20e285030bfd73bcb5ca1143f9 https://github.com/flori/json/commit/e4eead665c

https://github.com/flori/json/commit/e4eead665c

[flori/json] Move options from #generate and #parse to common area 2020-09-25T08:28:42+00:00 BurdetteLamar burdettelamar@yahoo.com 2020-06-30T19:50:06+00:00 71b1bbad02bee09b8da722f75777df199ca33995 https://github.com/flori/json/commit/20d7be605a

https://github.com/flori/json/commit/20d7be605a

[flori/json] RDoc enhancements 2020-07-01T09:47:51+00:00 BurdetteLamar burdettelamar@yahoo.com 2020-06-25T18:58:45+00:00 be6447381cdcb19b49360911eedca402578fd086 https://github.com/flori/json/commit/470d909c0d

https://github.com/flori/json/commit/470d909c0d

[flori/json] RDoc enhancements 2020-07-01T09:47:51+00:00 BurdetteLamar burdettelamar@yahoo.com 2020-06-25T17:09:28+00:00 99980b3034f59eb1253411f1220e1591f47a49c1 https://github.com/flori/json/commit/7bee2c7c13

https://github.com/flori/json/commit/7bee2c7c13

[flori/json] Rdoc enhancements 2020-07-01T09:47:50+00:00 BurdetteLamar burdettelamar@yahoo.com 2020-05-06T12:59:54+00:00 4689fd5f9982a148052d76e8e1a7bd85256baec6 https://github.com/flori/json/commit/e7e3732130

https://github.com/flori/json/commit/e7e3732130

[flori/json] Fix examples syntax 2020-01-06T06:13:35+00:00 zverok zverok.offline@gmail.com 2019-12-29T20:55:23+00:00 41ef6df8c93039aa1cd4a37e380a13cbfbc4d62f https://github.com/flori/json/commit/3845491d92

https://github.com/flori/json/commit/3845491d92

[flori/json] Enchance generic JSON and #generate docs 2020-01-06T06:13:15+00:00 zverok zverok.offline@gmail.com 2018-03-08T15:32:36+00:00 2e5ef30cb9f56e5a7a8139e0f1d75bbcf5ee8362 https://github.com/flori/json/commit/4ede0a7d19

https://github.com/flori/json/commit/4ede0a7d19

[flori/json] Remove invalid JSON.generate description from JSON module rdoc 2020-01-06T06:09:55+00:00 Jeremy Evans code@jeremyevans.net 2019-08-26T00:21:02+00:00 1658e6b5db0380c39d2423281e10acc5b6c6a8bd This text used to be true in older versions of json, but has not been true for a number of years (since json version 2 I think). https://github.com/flori/json/commit/373b633f38

This text used to be true in older versions of json, but has not
been true for a number of years (since json version 2 I think).

https://github.com/flori/json/commit/373b633f38