digitalmars.D.bugs - [Issue 14727] New: std.json incorrectly supports inf and nan

via Digitalmars-d-bugs (28/28) Jun 23 2015 https://issues.dlang.org/show_bug.cgi?id=14727

via Digitalmars-d-bugs <digitalmars-d-bugs puremagic.com> writes:

https://issues.dlang.org/show_bug.cgi?id=14727

          Issue ID: 14727
           Summary: std.json incorrectly supports inf and nan
           Product: D
           Version: D2
          Hardware: x86_64
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P1
         Component: phobos
          Assignee: nobody puremagic.com
          Reporter: lumi.pakkanen gmail.com

The JSON specification intentionally leaves out encodings for Infinity and NaN
as these are global variables in javascript that can be replaced with something
malicious.

std.json currently encodes double.infinity as inf and double.nan as nan. These
variables can also be replaced with malicious versions.

The correct encoding for double.infinity, -double.infinity and double.nan is
null.

import std.json;

void main()
{
    assert(JSONValue(double.infinity).toString == "null");
    assert(JSONValue(-double.infinity).toString == "null");
    assert(JSONValue(double.nan).toString == "null");
}

--

Jun 23 2015

D Programming

C/C++ Programming

Other

digitalmars.D.bugs - [Issue 14727] New: std.json incorrectly supports inf and nan