SQLite
View Ticket
Not logged in
Ticket UUID: 6c9b5514077fed34551f98e64c09a10dc2fc8e16
Title: JSON allows unescaped control characters in strings
Status: Fixed Type: Code_Defect
Severity: Important Priority: Immediate
Subsystem: Unknown Resolution: Fixed
Last Modified: 2017-04-10 12:25:16
Version Found In: 3.18.0
User Comments:
drh added on 2017-04-10 12:14:46:

The JSON spec requires that control characters are always escaped. However, the SQLite JSON1 extension allows unescaped control characters in input strings to the "json_valid()" function.