[Issue 14727] New: std.json incorrectly supports inf and nan
via Digitalmars-d-bugs
digitalmars-d-bugs at puremagic.com
Tue Jun 23 11:53:29 PDT 2015
https://issues.dlang.org/show_bug.cgi?id=14727
Issue ID: 14727
Summary: std.json incorrectly supports inf and nan
Product: D
Version: D2
Hardware: x86_64
OS: Linux
Status: NEW
Severity: normal
Priority: P1
Component: phobos
Assignee: nobody at puremagic.com
Reporter: lumi.pakkanen at gmail.com
The JSON specification intentionally leaves out encodings for Infinity and NaN
as these are global variables in javascript that can be replaced with something
malicious.
std.json currently encodes double.infinity as inf and double.nan as nan. These
variables can also be replaced with malicious versions.
The correct encoding for double.infinity, -double.infinity and double.nan is
null.
import std.json;
void main()
{
assert(JSONValue(double.infinity).toString == "null");
assert(JSONValue(-double.infinity).toString == "null");
assert(JSONValue(double.nan).toString == "null");
}
--
More information about the Digitalmars-d-bugs
mailing list