Off-by-1 error in JSON string escaping test (2.4, 2.5, ...)


Toby Thain

Oct 8, 2012, 12:26:24 AM
to lif...@googlegroups.com
This affected a Lift 2.4 application that we are running (the 0x1f character that sneaked through killed, as expected, the client's parser) but is in HEAD.



I'm also curious as to the purpose of the 2nd and 3rd range checks. Can somebody explain why they are needed?

--Toby

Denis Bardadym

Oct 8, 2012, 1:10:16 AM
to lif...@googlegroups.com
It seems you are right.
\u001f is a control character.
The second range check is the Latin-1 Supplement block - and not control
characters (http://www.charbase.com/block/latin-supplement)
The third range check is the punctuation block - and not control
characters (http://www.charbase.com/block/general-punctuation).

Denis.


Joni Freeman

Oct 8, 2012, 3:40:59 AM
to lif...@googlegroups.com
Hi,

Fixed in trunk now. Thanks for reporting!

Cheers Joni

Toby Thain

Oct 8, 2012, 7:42:57 PM
to lif...@googlegroups.com


On Monday, 8 October 2012 01:10:21 UTC-4, Denis Bardadym wrote:
> It seems you are right.
> \u001f is a control character.

Certainly.

> The second range check is the Latin-1 Supplement block - and not control
> characters (http://www.charbase.com/block/latin-supplement)
> The third range check is the punctuation block - and not control
> characters (http://www.charbase.com/block/general-punctuation).


Do you know why it is necessary to handle these ranges specially? It wasn't obvious to me (e.g. from RFC) and there's no explanatory comment in the code.

--Toby

 

Denis Bardadym

Oct 9, 2012, 5:26:35 AM
to lif...@googlegroups.com
Nope, I have no idea.

-- 
Denis Bardadym

Joni Freeman

Oct 9, 2012, 8:07:43 AM
to lif...@googlegroups.com
Hi,


On Tuesday, October 9, 2012 2:42:57 AM UTC+3, Toby Thain wrote:

> Do you know why it is necessary to handle these ranges specially? It wasn't obvious to me (e.g. from RFC) and there's no explanatory comment in the code.

I no longer recall why those two blocks are escaped. Presumably I looked at how
some other JSON parsers handled quoting and got it from there. I'll remove
that behaviour since the spec does not require escaping of those ranges.

Cheers Joni
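
The boundary bug discussed in this thread, as an added example that is not part of the original posts and is not Lift's code: `quote_off_by_one` is a constructed "before" case with a hypothetical exclusive upper bound, `quote` escapes all of U+0000..U+001F, and Python's strict `json.loads` stands in for the client's parser. All function names are assumptions made for illustration.

```python
import json

# Short escapes from RFC 8259 section 7; any other character below U+0020
# must be written as \u00XX.
SHORT = {'"': '\\"', '\\': '\\\\', '\b': '\\b', '\f': '\\f',
         '\n': '\\n', '\r': '\\r', '\t': '\\t'}


def quote(s, last_control=0x1F):
    """Return s as a JSON string literal, escaping U+0000..last_control."""
    out = ['"']
    for ch in s:
        if ch in SHORT:
            out.append(SHORT[ch])
        elif ord(ch) <= last_control:
            out.append('\\u%04x' % ord(ch))
        else:
            # Includes U+0080..U+009F and U+2000..U+20FF, which the
            # spec allows unescaped.
            out.append(ch)
    out.append('"')
    return ''.join(out)


def quote_off_by_one(s):
    """Constructed 'before' case: bound treated as exclusive, U+001F missed."""
    return quote(s, last_control=0x1E)


def leaked_controls(quoter):
    """Code points in U+0000..U+001F that a quoter emits raw or mangles."""
    leaked = []
    for cp in range(0x20):
        text = 'a' + chr(cp) + 'b'
        encoded = quoter(text)
        try:
            ok = json.loads(encoded) == text  # strict: raw controls rejected
        except ValueError:
            ok = False
        if not ok or chr(cp) in encoded:
            leaked.append(cp)
    return leaked


if __name__ == '__main__':
    print('off-by-one:', [hex(c) for c in leaked_controls(quote_off_by_one)])
    print('fixed:     ', [hex(c) for c in leaked_controls(quote)])
```

Sweeping every code point in the range, rather than spot-checking a few, is what catches a bound that is wrong by one.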

