| Age | Commit message (Collapse) | Author |
|---|
|
> https://github.com/flori/json/pull/525
> Rename escape_slash in script_safe and also escape E+2028 and E+2029
Co-authored-by: Jean Boussier <jean.boussier@gmail.com>
> https://github.com/flori/json/pull/454
> Remove unnecessary initialization of create_id in JSON.parse()
Co-authored-by: Watson <watson1978@gmail.com>
|
|
It is rather common to directly interpolate JSON string inside
<script> tags in HTML as to provide configuration or parameters to a
script.
However this may lead to XSS vulnerabilities, to prevent that 3
characters need to be escaped:
- `/` (forward slash)
- `U+2028` (LINE SEPARATOR)
- `U+2029` (PARAGRAPH SEPARATOR)
The forward slash need to be escaped to prevent closing the script
tag early, and the other two are valid JSON but invalid Javascript
and can be used to break JS parsing.
Given that the intent of escaping forward slash is the same than escaping
U+2028 and U+2029, I chos to rename and repurpose the existing `escape_slash`
option.
|
|
Squashed commit of the following:
commit 26d181059989279a79c433cedcd893b4f52e42ee
Author: Francois Chagnon <francois.chagnon@jadedpixel.com>
Date: Tue Sep 15 21:17:34 2015 +0000
add config options for escape_slash
commit fa282334051b16df91ca097dd7304b46f3bc7719
Author: Francois Chagnon <francois.chagnon@jadedpixel.com>
Date: Mon Feb 9 21:09:33 2015 +0000
add forward slash to escape character
Notes:
Merged: https://github.com/ruby/ruby/pull/3581
|
|
* https://github.com/flori/json/releases/tag/v2.0.4
* https://github.com/flori/json/blob/09fabeb03e73ed88dc8ce8f19d76ac59e51dae20/CHANGES.md#2017-03-23-204
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58323 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Changes of 2.0.0: https://github.com/flori/json/blob/f679ebd0c69a94e3e70a897ac9a229f5779c2ee1/CHANGES.md#2015-09-11-200
Changes of 2.0.1: https://github.com/flori/json/blob/f679ebd0c69a94e3e70a897ac9a229f5779c2ee1/CHANGES.md#2016-07-01-201
[Feature #12542][ruby-dev:49706][fix GH-1395]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55576 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* include/ruby/ruby.h (RUBY_INTEGER_UNIFICATION): macro to tell if
Integer is integrated. [ruby-core:75718][Bug #12427]
* include/ruby/backward.h, internal.h (rb_cFixnum, rb_cBignum):
fallback to rb_cInteger.
* bignum.c, numeric.c, ext/json/generator/generator.{c,h}: use the
macro.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55394 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* [Feature #12005] Unify Fixnum and Bignum into Integer
* include/ruby/ruby.h (rb_class_of): Return rb_cInteger for fixnums.
* insns.def (INTEGER_REDEFINED_OP_FLAG): Unified from
FIXNUM_REDEFINED_OP_FLAG and BIGNUM_REDEFINED_OP_FLAG.
* vm_core.h: Ditto.
* vm_insnhelper.c (opt_eq_func): Use INTEGER_REDEFINED_OP_FLAG instead
of FIXNUM_REDEFINED_OP_FLAG.
* vm.c (vm_redefinition_check_flag): Use rb_cInteger instead of
rb_cFixnum and rb_cBignum.
(C): Use Integer instead of Fixnum and Bignum.
* numeric.c (fix_succ): Removed.
(Init_Numeric): Define Fixnum as Integer.
* bignum.c (bignew): Use rb_cInteger instead of Rb_cBignum.
(rb_int_coerce): replaced from rb_big_coerce and return fixnums
as-is.
(Init_Bignum): Define Bignum as Integer.
Don't define ===.
* error.c (builtin_class_name): Return "Integer" for fixnums.
* sprintf.c (ruby__sfvextra): Use rb_cInteger instead of rb_cFixnum.
* ext/-test-/testutil: New directory to test.
Currently it provides utilities for fixnum and bignum.
* ext/json/generator/generator.c: Define mInteger_to_json.
* lib/mathn.rb (Fixnum#/): Redefinition removed.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55024 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/json/generator/generator.c (cState_s_allocate): allocate
structs with making new wrapper objects and get rid of potential
memory leak.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@50661 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
cross-compile environment.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@50267 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[fix GH-867][Feature #11057]
* test/ruby/test_extlibs.rb: removed json gem from existence extentions.
* gems/bundled_gems: added json gem into bundled gem.
* lib/rdoc/rubygems_hook.rb: ignored no json environment.
* lib/rubygems/test_case.rb, test/rubygems/*: ditto.
* lib/rdoc/test_case.rb, test/rdoc/*: ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@50231 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
change usage of TypedData. [Feature #10739][ruby-core:67564]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@49582 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
https://github.com/flori/json/compare/v1.8.1...17fe8e7
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@49051 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@49050 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/json/generator/generator.h (GENERATE_JSON): use GET_STATE_TO
macro, instead of TypedData_Get_Struct directly.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@49048 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/json/generator/generator.c (JSON_Generator_State_type): add
#ifdef for backward compatibility.
* ext/json/parser/parser.rl (JSON_Parser_type): ditto.
* ext/json/generator/generator.h (ZALLOC): add fallback definition.
* ext/json/parser/parser.h (ZALLOC): ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@49038 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/json/generator/generator.c (JSON_Generator_State_type): turn
into typed data.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@47797 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@47793 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
This includes security fix. [CVE-2013-0269]
https://github.com/flori/json/commit/d0a62f3ced7560daba2ad546d83f0479a5ae2cf2
https://groups.google.com/d/topic/rubyonrails-security/4_YvCpLzL58/discussion
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@39208 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
fix tests and other fixes.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38346 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
https://github.com/flori/json/commit/e5b9a9465c1159fae533bca320d950b772bcb4ac
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35568 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35264 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[ruby-core:41917] [Bug #5846]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@34971 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[Bug #5173] [ruby-core:38866]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33122 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[Bug #4700]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32493 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
unused.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@30346 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
e22b2f2bdfe6a9b0. this fixes some bugs.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@30003 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@28692 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@27501 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@27500 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@27493 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
