It is rather common to directly interpolate JSON string inside
<script> tags in HTML as to provide configuration or parameters to a
script.
However this may lead to XSS vulnerabilities, to prevent that 3
characters need to be escaped:
- `/` (forward slash)
- `U+2028` (LINE SEPARATOR)
- `U+2029` (PARAGRAPH SEPARATOR)
The forward slash need to be escaped to prevent closing the script
tag early, and the other two are valid JSON but invalid Javascript
and can be used to break JS parsing.
Given that the intent of escaping forward slash is the same than escaping
U+2028 and U+2029, I chos to rename and repurpose the existing `escape_slash`
option.
The C extension defines an `included` hook for the
`JSON::Ext::Generator::GeneratorMethods::String` module but neglects to
call `super` in the hook. This can break the functionality of various
other code that rely on the fact that `included` on `Module` will always
be called.
cd8bbe56a3
It makes testing for JSON errors very tedious. You either have
to use a Regexp or to regularly update all your assertions
when JSON is upgraded.
de9eb1d28e
This value should either be pinned, or looked up when needed at runtime.
Without pinning, the GC may move the encoding object, and that could
cause a crash.
In this case it is easier to find the value at runtime, and there is no
performance penalty (as Ruby caches encoding indexes). We can shorten
the code, be compaction friendly, and incur no performance penalty.
In where to convert Hash key to String for json, this patch will add shortcut for String/Symbol in Hash key.
```
$ ruby bench_json_generate.rb
Warming up --------------------------------------
json 65.000 i/100ms
Calculating -------------------------------------
json 659.576 (± 1.5%) i/s - 3.315k in 5.027127s
```
```
$ ruby bench_json_generate.rb
Warming up --------------------------------------
json 78.000 i/100ms
Calculating -------------------------------------
json 789.781 (± 2.7%) i/s - 3.978k in 5.041043s
```
```
require 'json'
require 'benchmark/ips'
obj = []
1000.times do |i|
obj << {
"id" => i,
:age => 42,
}
end
Benchmark.ips do |x|
x.report "json" do |iter|
count = 0
while count < iter
JSON.generate(obj)
count += 1
end
end
end
```
38c0f6dbe4
To convert Hash convert, this part was using following pseudo code
```
obj.keys.each do |key|
value = obj[key]
...
end
```
and `rb_funcall()` was called for `obj.keys`.
It might be slightly heavy to call the Ruby method.
This patch will iterate to convert Hash object about key/value using `rb_hash_foreach()` Ruby API instead of `rb_funcall()`.
```
$ ruby bench_json_generate.rb
Warming up --------------------------------------
json 55.000 i/100ms
Calculating -------------------------------------
json 558.501 (± 1.1%) i/s - 2.805k in 5.022986s
```
```
$ ruby bench_json_generate.rb
Warming up --------------------------------------
json 65.000 i/100ms
Calculating -------------------------------------
json 659.576 (± 1.5%) i/s - 3.315k in 5.027127s
```
```
require 'json'
require 'benchmark/ips'
obj = []
1000.times do |i|
obj << {
"id" => i,
:age => 42,
}
end
Benchmark.ips do |x|
x.report "json" do |iter|
count = 0
while count < iter
JSON.generate(obj)
count += 1
end
end
end
```
a73323dc5e
`rb_funcall` might be slightly heavy to call the Ruby method.
This patch will convert String encoding using `rb_str_encode()` instead of `rb_funcall()`.
## Before
```
$ ruby bench_json_generate.rb
Warming up --------------------------------------
json 78.000 i/100ms
Calculating -------------------------------------
json 789.781 (± 2.7%) i/s - 3.978k in 5.041043s
```
## After
```
$ ruby bench_json_generate.rb
Warming up --------------------------------------
json 129.000 i/100ms
Calculating -------------------------------------
json 1.300k (± 2.3%) i/s - 6.579k in 5.064656s
```
## Code
```
require 'json'
require 'benchmark/ips'
obj = []
1000.times do |i|
obj << {
"id" => i,
:age => 42,
}
end
Benchmark.ips do |x|
x.report "json" do |iter|
count = 0
while count < iter
JSON.generate(obj)
count += 1
end
end
end
```
9ae6d2969c
For some reason symbols (or classes) are being overridden in trunk
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@67598 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit adds the new method `GC.compact` and compacting GC support.
Please see this issue for caveats:
https://bugs.ruby-lang.org/issues/15626
[Feature #15626]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@67576 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Because hard to specify commits related to r67479 only.
So please commit again.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@67499 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
JSON gem is referencing constants defined in Ruby then keeping a
reference as a global. We need to register these globals so they stay
pinned.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@67483 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* include/ruby/ruby.h (RUBY_INTEGER_UNIFICATION): macro to tell if
Integer is integrated. [ruby-core:75718][Bug #12427]
* include/ruby/backward.h, internal.h (rb_cFixnum, rb_cBignum):
fallback to rb_cInteger.
* bignum.c, numeric.c, ext/json/generator/generator.{c,h}: use the
macro.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55394 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* [Feature #12005] Unify Fixnum and Bignum into Integer
* include/ruby/ruby.h (rb_class_of): Return rb_cInteger for fixnums.
* insns.def (INTEGER_REDEFINED_OP_FLAG): Unified from
FIXNUM_REDEFINED_OP_FLAG and BIGNUM_REDEFINED_OP_FLAG.
* vm_core.h: Ditto.
* vm_insnhelper.c (opt_eq_func): Use INTEGER_REDEFINED_OP_FLAG instead
of FIXNUM_REDEFINED_OP_FLAG.
* vm.c (vm_redefinition_check_flag): Use rb_cInteger instead of
rb_cFixnum and rb_cBignum.
(C): Use Integer instead of Fixnum and Bignum.
* numeric.c (fix_succ): Removed.
(Init_Numeric): Define Fixnum as Integer.
* bignum.c (bignew): Use rb_cInteger instead of Rb_cBignum.
(rb_int_coerce): replaced from rb_big_coerce and return fixnums
as-is.
(Init_Bignum): Define Bignum as Integer.
Don't define ===.
* error.c (builtin_class_name): Return "Integer" for fixnums.
* sprintf.c (ruby__sfvextra): Use rb_cInteger instead of rb_cFixnum.
* ext/-test-/testutil: New directory to test.
Currently it provides utilities for fixnum and bignum.
* ext/json/generator/generator.c: Define mInteger_to_json.
* lib/mathn.rb (Fixnum#/): Redefinition removed.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55024 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/json/generator/generator.c (cState_s_allocate): allocate
structs with making new wrapper objects and get rid of potential
memory leak.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@50661 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/json/generator/generator.c (generate_json): get rid of
unnecessary recursive calls which can cause infinite recursion.
T_STRING may not have rb_cString.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@49562 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
use 0 for rb_data_type_t::reserved instead of NULL, since its type
may be changed in the future and possibly not a pointer type.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48662 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
002ac2771c...e09ffc0d7d
* Remove Rubinius exception since transcoding should be working now.
* Fix https://github.com/flori/json/issues/162 reported by Marc-Andre
Lafortune <github_rocks@marc-andre.ca>. Thanks!
* Applied patches by Yui NARUSE <naruse@airemix.jp> to suppress
warning with -Wchar-subscripts and better validate UTF-8 strings.
* Applied patch by ginriki@github to remove unnecessary if.
* Add load/dump interface to JSON::GenericObject to make
serialize :some_attribute, JSON::GenericObject
work in Rails active models for convenient
SomeModel#some_attribute.foo.bar access to serialised JSON data.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@43731 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/bigdecimal/bigdecimal.c, ext/digest/md5/md5.c,
ext/json/fbuffer/fbuffer.h, ext/json/generator/generator.c:
Eliminate less-than-zero checks for unsigned variables.
According to section 4.1.5 of C89 standard, size_t is an unsigned
type. These checks were found with 'cppcheck' static analysis tool.
[ruby-core:57117] [Feature #8890]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@42920 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
