[Bug 29665] New: [SER31] JSON escaping from bugzilla@jessica.w3.org on 2016-05-26 (public-qt-comments@w3.org from May 2016)

From: <bugzilla@jessica.w3.org>
Date: Thu, 26 May 2016 10:05:56 +0000
To: public-qt-comments@w3.org
Message-ID: <bug-29665-523@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=29665

            Bug ID: 29665
           Summary: [SER31] JSON escaping
           Product: XPath / XQuery / XSLT
           Version: Candidate Recommendation
          Hardware: PC
               URL: https://www.w3.org/XML/Group/qtspecs/specifications/xs
                    lt-xquery-serialization-31/html/Overview.html#json-out
                    put
                OS: Windows NT
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Serialization 3.1
          Assignee: cmsmcq@blackmesatech.com
          Reporter: tim@cbcl.co.uk
        QA Contact: public-qt-comments@w3.org
  Target Milestone: ---

The rules for JSON encoding state:

"JSON escaping replaces the characters quotation mark, backspace, form-feed,
newline, carriage return, or tab by the corresponding JSON escape sequences \",
\b, \f, \n, \r, or \t respectively, and any other codepoint in the range 1-31
or 127-159 by an escape in the form \uHHHH where HHHH is the hexadecimal
representation of the codepoint value. Escaping is also applied to any
characters that cannot be represented in the selected encoding."

This appears to omit the escaping of reverse-solidus (codepoint 92) as \\.

It also omits the escaping of solidus (character 47).  Reading up on the
subject [1], it appears it is advisable to escape this character so that it is
safe to embed the JSON substring "</script>" in HTML.

[1] http://andowebsit.es/blog/noteslog.com/post/the-solidus-issue/

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Thursday, 26 May 2016 10:05:59 UTC