ruby.git/ext/json/lib, branch v3_3_11 The Ruby Programming Language Merge JSON 2.7.2 for Ruby 3.3 (#11541) 2024-09-04T15:47:06+00:00 Hiroshi SHIBATA hsbt@ruby-lang.org 2024-09-04T15:47:06+00:00 4eb51dfc9e67683a1a03fdf302d5ddd95cad716a Merge JSON 2.7.2 
Merge JSON 2.7.2
 [flori/json] Bump up 2.7.1 2023-12-05T06:09:56+00:00 Hiroshi SHIBATA hsbt@ruby-lang.org 2023-12-05T04:01:26+00:00 eecae51502215ae4dab9d99a1079636f3fcd99a5 https://github.com/flori/json/commit/a1af7a308c 
https://github.com/flori/json/commit/a1af7a308c
[flori/json] [DOC] RDoc for additions 2023-12-05T03:04:09+00:00 Burdette Lamar BurdetteLamar@Yahoo.com 2023-12-05T00:59:48+00:00 c8faaf4c7edf67a19786cb9ba53805e5b813b918 (https://github.com/flori/json/pull/557) * RDoc for additions * Update lib/json/add/time.rb Co-authored-by: Hiroshi SHIBATA <hsbt@ruby-lang.org> --------- https://github.com/flori/json/commit/3f2efd60f7 Co-authored-by: Hiroshi SHIBATA <hsbt@ruby-lang.org> 
(https://github.com/flori/json/pull/557)

* RDoc for additions

* Update lib/json/add/time.rb

Co-authored-by: Hiroshi SHIBATA <hsbt@ruby-lang.org>

---------

https://github.com/flori/json/commit/3f2efd60f7

Co-authored-by: Hiroshi SHIBATA <hsbt@ruby-lang.org>
[flori/json] Fix JSON.dump overload combination 2023-12-05T03:04:08+00:00 tompng tomoyapenguin@gmail.com 2023-12-04T10:18:14+00:00 70740deea793274f6e38a7b7fc3688aa709fd1d8 https://github.com/flori/json/commit/41c2712a3b 
https://github.com/flori/json/commit/41c2712a3b
[flori/json] Overload kwargs in JSON.dump 2023-12-05T03:04:08+00:00 Takashi Kokubun takashikkbn@gmail.com 2023-12-01T17:53:44+00:00 e6b35e8a6d70892037503d74cec2657b2b8bd116 https://github.com/flori/json/commit/936f280f9f 
https://github.com/flori/json/commit/936f280f9f
[flori/json] JSON.dump: handle unenclosed hashes regression 2023-12-05T03:04:07+00:00 Jean Boussier jean.boussier@gmail.com 2023-12-01T10:46:16+00:00 a22ed8943859963c67533bb0edc13a27bfdac00c Fix: https://github.com/flori/json/issues/553 We can never add keyword arguments to `dump` otherwise existing code using unenclosed hash will break. https://github.com/flori/json/commit/8e0076a3f2 
Fix: https://github.com/flori/json/issues/553

We can never add keyword arguments to `dump` otherwise
existing code using unenclosed hash will break.

https://github.com/flori/json/commit/8e0076a3f2
Manually merged from flori/json 2023-12-01T07:47:06+00:00 Hiroshi SHIBATA hsbt@ruby-lang.org 2023-12-01T06:51:26+00:00 86045fca24be94db7a9cbf7a9126e43c212dcc55 > https://github.com/flori/json/pull/525 > Rename escape_slash in script_safe and also escape E+2028 and E+2029 Co-authored-by: Jean Boussier <jean.boussier@gmail.com> > https://github.com/flori/json/pull/454 > Remove unnecessary initialization of create_id in JSON.parse() Co-authored-by: Watson <watson1978@gmail.com> 
  > https://github.com/flori/json/pull/525
  > Rename escape_slash in script_safe and also escape E+2028 and E+2029

  Co-authored-by: Jean Boussier <jean.boussier@gmail.com>

  > https://github.com/flori/json/pull/454
  > Remove unnecessary initialization of create_id in JSON.parse()

  Co-authored-by: Watson <watson1978@gmail.com>
Rename escape_slash in script_safe and also escape E+2028 and E+2029 2023-12-01T07:47:06+00:00 Jean Boussier jean.boussier@gmail.com 2023-04-13T17:22:29+00:00 0dfeb172968cdaefca2ab828c94d3e5f44d91f8f It is rather common to directly interpolate JSON string inside <script> tags in HTML as to provide configuration or parameters to a script. However this may lead to XSS vulnerabilities, to prevent that 3 characters need to be escaped: - `/` (forward slash) - `U+2028` (LINE SEPARATOR) - `U+2029` (PARAGRAPH SEPARATOR) The forward slash need to be escaped to prevent closing the script tag early, and the other two are valid JSON but invalid Javascript and can be used to break JS parsing. Given that the intent of escaping forward slash is the same than escaping U+2028 and U+2029, I chos to rename and repurpose the existing `escape_slash` option. 
It is rather common to directly interpolate JSON string inside
<script> tags in HTML as to provide configuration or parameters to a
script.

However this may lead to XSS vulnerabilities, to prevent that 3
characters need to be escaped:

  - `/` (forward slash)
  - `U+2028` (LINE SEPARATOR)
  - `U+2029` (PARAGRAPH SEPARATOR)

The forward slash need to be escaped to prevent closing the script
tag early, and the other two are valid JSON but invalid Javascript
and can be used to break JS parsing.

Given that the intent of escaping forward slash is the same than escaping
U+2028 and U+2029, I chos to rename and repurpose the existing `escape_slash`
option.
[flori/json] Bump up 2.7.0 2023-12-01T07:47:06+00:00 Hiroshi SHIBATA hsbt@ruby-lang.org 2023-12-01T05:58:11+00:00 32f289d118b442a712af28c2af44384f5cb07db1 https://github.com/flori/json/commit/ca546128f2 
https://github.com/flori/json/commit/ca546128f2
[flori/json] Enhanced RDoc for Range extensions 2023-11-08T00:04:28+00:00 BurdetteLamar BurdetteLamar@Yahoo.com 2021-09-21T17:38:28+00:00 d12e881009ba94e2aca6428756fc79cc33ba278b https://github.com/flori/json/commit/ec47749b53 
https://github.com/flori/json/commit/ec47749b53