[Issue 14727] New: std.json incorrectly supports inf and nan

via Digitalmars-d-bugs digitalmars-d-bugs at puremagic.com
Tue Jun 23 11:53:29 PDT 2015


https://issues.dlang.org/show_bug.cgi?id=14727

          Issue ID: 14727
           Summary: std.json incorrectly supports inf and nan
           Product: D
           Version: D2
          Hardware: x86_64
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P1
         Component: phobos
          Assignee: nobody at puremagic.com
          Reporter: lumi.pakkanen at gmail.com

The JSON specification intentionally leaves out encodings for Infinity and NaN
as these are global variables in javascript that can be replaced with something
malicious.

std.json currently encodes double.infinity as inf and double.nan as nan. These
variables can also be replaced with malicious versions.

The correct encoding for double.infinity, -double.infinity and double.nan is
null.

import std.json;

void main()
{
    assert(JSONValue(double.infinity).toString == "null");
    assert(JSONValue(-double.infinity).toString == "null");
    assert(JSONValue(double.nan).toString == "null");
}

--


More information about the Digitalmars-d-bugs mailing list