archive/ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2025-08-17 06:29:05 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 4
81703 commits 29 branches 1174 tags 480 MiB
Commit graph

27 commits

Author SHA1 Message Date
Hiroshi SHIBATA
abc3d124f7 [flori/json] The modern Ruby uses utf-8 encodings by default 
11b31210ac
 2023-12-05 12:04:10 +09:00
Takashi Kokubun
e6b35e8a6d [flori/json] Overload kwargs in JSON.dump 
936f280f9f
 2023-12-05 12:04:08 +09:00
Jean Boussier
a22ed89438 [flori/json] JSON.dump: handle unenclosed hashes regression 
Fix: https://github.com/flori/json/issues/553

We can never add keyword arguments to `dump` otherwise
existing code using unenclosed hash will break.

8e0076a3f2
 2023-12-05 12:04:07 +09:00
Hiroshi SHIBATA
86045fca24
Manually merged from flori/json 
> https://github.com/flori/json/pull/525
  > Rename escape_slash in script_safe and also escape E+2028 and E+2029

  Co-authored-by: Jean Boussier <jean.boussier@gmail.com>

  > https://github.com/flori/json/pull/454
  > Remove unnecessary initialization of create_id in JSON.parse()

  Co-authored-by: Watson <watson1978@gmail.com>
 2023-12-01 16:47:06 +09:00
Jean Boussier
0dfeb17296
Rename escape_slash in script_safe and also escape E+2028 and E+2029 
It is rather common to directly interpolate JSON string inside
<script> tags in HTML as to provide configuration or parameters to a
script.

However this may lead to XSS vulnerabilities, to prevent that 3
characters need to be escaped:

  - `/` (forward slash)
  - `U+2028` (LINE SEPARATOR)
  - `U+2029` (PARAGRAPH SEPARATOR)

The forward slash need to be escaped to prevent closing the script
tag early, and the other two are valid JSON but invalid Javascript
and can be used to break JS parsing.

Given that the intent of escaping forward slash is the same than escaping
U+2028 and U+2029, I chos to rename and repurpose the existing `escape_slash`
option.
 2023-12-01 16:47:06 +09:00
Hiroshi SHIBATA
e42df781d9
[flori/json] define_method is also private at Ruby 2.3 and 2.4 
3804f38bf4
 2023-10-11 15:45:17 +09:00
Hiroshi SHIBATA
1b19e9198d
[flori/json] remove_method of Module is private at Ruby 2.3 and 2.4 
6cbadf6b6e
 2023-10-11 15:45:17 +09:00
Hiroshi SHIBATA
c75d54a36c
Fixup 1851824b1c 2023-09-13 16:23:18 +09:00
Hiroshi SHIBATA
1851824b1c [flori/json] alias_method is private on Ruby 2.3 and 2.4 
573ef94bc5
 2023-09-13 16:01:19 +09:00
Yusuke Endoh
77db0ca6c8 Prevent a warning: method redefined; discarding old included 
```
[ 3463/25719] JSONGeneratorTest#test_string_ext_included_calls_super/home/chkbuild/chkbuild/tmp/build/20230905T063003Z/ruby/test/json/json_generator_test.rb:411: warning: method redefined; discarding old included
/home/chkbuild/chkbuild/tmp/build/20230905T063003Z/ruby/test/json/json_generator_test.rb:399: warning: previous definition of included was here
```

20230905T063003Z.log.html.gz
 2023-09-05 17:29:53 +09:00
Peter Zhu
91de37c23e Remove --disable-gems in assert_in_out_err 
assert_in_out_err adds --disable=gems so we don't need to add
--disable-gems in the args list.
 2023-08-28 15:05:19 -04:00
Takashi Kokubun
96a809f621 Use require_relative in JSON tests 
to prevent them from conflicting with yarp/test_helper
 2023-08-25 15:32:14 -07:00
Nobuyoshi Nakada
9f51810f34 [flori/json] Skip unsupported test on JRuby 
7138bf32c7
 2023-07-18 12:25:54 +09:00
Ufuk Kayserilioglu
12dfd9d1c9
[flori/json] Call super in included hook 
The C extension defines an `included` hook for the
`JSON::Ext::Generator::GeneratorMethods::String` module but neglects to
call `super` in the hook. This can break the functionality of various
other code that rely on the fact that `included` on `Module` will always
be called.

cd8bbe56a3
 2023-05-24 09:37:30 +09:00
Hiroshi SHIBATA
edb76e8765 Prepare to release json-2.5.0 2020-12-22 19:44:27 +09:00
Kenta Murata
98cc15ed1e
[json] Stop using prototype objects 2020-12-21 22:10:33 +09:00
Chris Seaton
451836f582
Fix an issue with generate_pretty and empty objects in the Ruby and Java implementations 2020-10-20 21:46:54 +09:00
Kazuhiro NISHIYAMA
ac414139ec
Remove unnecessary executable bit [ci skip] 2020-09-28 23:07:43 +09:00
Karol Bucek
0089854fc5 [test] properly 'skip' test on JRuby 
an early return still caused ensure to execute,
setting JSON constant to `nil` for later tests!
 2020-09-25 17:28:42 +09:00
Jean Boussier
e1659af372 Add an option to escape forward slash character 
Squashed commit of the following:

commit 26d181059989279a79c433cedcd893b4f52e42ee
Author: Francois Chagnon <francois.chagnon@jadedpixel.com>
Date:   Tue Sep 15 21:17:34 2015 +0000

    add config options for escape_slash

commit fa282334051b16df91ca097dd7304b46f3bc7719
Author: Francois Chagnon <francois.chagnon@jadedpixel.com>
Date:   Mon Feb 9 21:09:33 2015 +0000

    add forward slash to escape character
 2020-09-25 17:28:42 +09:00
Hiroshi SHIBATA
53e8589c69
Import json-2.3.0 from flori/json 2019-12-12 09:14:09 +09:00
Nobuyoshi Nakada
f83bebdf7a
Skip useless test 
`JSONGeneratorTest#test_remove_const_seg` is meaningful only for
the extension library version, but nonsense for pure ruby version.
 2019-11-29 11:21:38 +09:00
Aaron Patterson
9026e12f93
Look up constant instead of caching in a global 
The global can go bad if the compactor runs, so we need to look up the
constant instead of caching it in a global.
 2019-10-17 13:30:09 -07:00
Nobuyoshi Nakada
2003755a2c
[flori/json] Fixed unexpected illegal/malformed utf-8 error 
flori/json@c34d01ff6a does not
consider US-ASCII compatible but non-UTF-8 encodings, and causes
an error in RDoc tests.

4f471bf590
 2019-10-14 19:54:48 +09:00
hsbt
83735ba29a Merge json-2.0.4. 
* https://github.com/flori/json/releases/tag/v2.0.4
  * 09fabeb03e/CHANGES.md (2017-03-23-204)

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58323 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2017-04-12 00:21:18 +00:00
nobu
7f6410f02d json_generator_test.rb: no Bignum 
* test/json/json_generator_test.rb (test_broken_bignum): get rid
  of use of Bignum, obsolete name.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56126 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2016-09-09 09:27:38 +00:00
hsbt
a7b5d45466 * test/lib/test/unit.rb: added test files with _test suffix for json 
upstream.
* test/json: merge original test files from json upstream.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55667 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2016-07-13 13:27:07 +00:00
Renamed from test/json/test_json_generator.rb (Browse further)