Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Change the JSON extension so that it disallows control characters inside of strings. Fix for ticket [6c9b5514077fed34551f98e64c09a10dc2fc8e16]. |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA3-256: |
475d8f82ec61a4ff3e6a7650731230cc |
| User & Date: | drh 2017-04-10 12:25:05 |
Context
|
2017-04-10
| ||
| 12:31 | Add a new JSON test case to verify that all control characters are escaped in the json_quote() function. check-in: 6ee12221 user: drh tags: trunk | |
| 12:25 | Change the JSON extension so that it disallows control characters inside of strings. Fix for ticket [6c9b5514077fed34551f98e64c09a10dc2fc8e16]. check-in: 475d8f82 user: drh tags: trunk | |
|
2017-04-09
| ||
| 19:23 | Do not expose the name of the internal Mem object in the public interface defined by sqlite3.h. check-in: 19dd753f user: drh tags: trunk | |
Changes
Changes to ext/misc/json1.c.
781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 |
return j+1;
}else if( c=='"' ){
/* Parse string */
u8 jnFlags = 0;
j = i+1;
for(;;){
c = z[j];
if( c==0 ) return -1;
if( c=='\\' ){
c = z[++j];
if( c=='"' || c=='\\' || c=='/' || c=='b' || c=='f'
|| c=='n' || c=='r' || c=='t'
|| (c=='u' && jsonIs4Hex(z+j+1)) ){
jnFlags = JNODE_ESCAPE;
}else{
|
| |
781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 |
return j+1;
}else if( c=='"' ){
/* Parse string */
u8 jnFlags = 0;
j = i+1;
for(;;){
c = z[j];
if( c<=0x1f ) return -1; /* Control characters not allowed in strings */
if( c=='\\' ){
c = z[++j];
if( c=='"' || c=='\\' || c=='/' || c=='b' || c=='f'
|| c=='n' || c=='r' || c=='t'
|| (c=='u' && jsonIs4Hex(z+j+1)) ){
jnFlags = JNODE_ESCAPE;
}else{
|
Changes to test/json102.test.
314 315 316 317 318 319 320 321 322 |
do_execsql_test json102-1406 { SELECT json_valid('{"x":-0.1}') } 1
do_execsql_test json102-1407 { SELECT json_valid('{"x":0.0000}') } 1
do_execsql_test json102-1408 { SELECT json_valid('{"x":-0.0000}') } 1
do_execsql_test json102-1409 { SELECT json_valid('{"x":01.5}') } 0
do_execsql_test json102-1410 { SELECT json_valid('{"x":-01.5}') } 0
do_execsql_test json102-1411 { SELECT json_valid('{"x":00}') } 0
do_execsql_test json102-1412 { SELECT json_valid('{"x":-00}') } 0
finish_test
|
> > > > > > > > > > > |
314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 |
do_execsql_test json102-1406 { SELECT json_valid('{"x":-0.1}') } 1
do_execsql_test json102-1407 { SELECT json_valid('{"x":0.0000}') } 1
do_execsql_test json102-1408 { SELECT json_valid('{"x":-0.0000}') } 1
do_execsql_test json102-1409 { SELECT json_valid('{"x":01.5}') } 0
do_execsql_test json102-1410 { SELECT json_valid('{"x":-01.5}') } 0
do_execsql_test json102-1411 { SELECT json_valid('{"x":00}') } 0
do_execsql_test json102-1412 { SELECT json_valid('{"x":-00}') } 0
#------------------------------------------------------------------------
# 2017-04-10 ticket 6c9b5514077fed34551f98e64c09a10dc2fc8e16
# JSON extension accepts strings containing control characters.
#
# The JSON spec requires that all control characters be escaped.
#
do_execsql_test json102-1500 {
WITH RECURSIVE c(x) AS (VALUES(1) UNION ALL SELECT x+1 FROM c WHERE x<0x20)
SELECT x FROM c WHERE json_valid(printf('{"a":"x%sz"}', char(x))) ORDER BY x;
} {32}
finish_test
|