--- draft-ietf-jsonbis-rfc7159bis-03.xml 2017-07-18 11:26:50.838824100 +0100 +++ draft-ietf-jsonbis-rfc7159bis-latest.xml 2017-07-18 11:23:10.793589800 +0100 @@ -20,10 +20,10 @@ @@ -36,10 +36,9 @@ - - -Operations and Management -JSON Working Group + +Applications and Real-Time +JSON @@ -93,7 +92,7 @@ -
+
This document updates , which describes JSON and registers the media type "application/json". JSON is also described in . @@ -113,7 +112,7 @@ together to ensure that the two documents stay aligned through the change.
-
+
In the years since the publication of RFC 4627, JSON has found very wide use. This experience has revealed certain patterns, which, while allowed by its specifications, have caused interoperability @@ -141,13 +140,13 @@ called for will be interoperable in the sense that all implementations will accept these as conforming JSON texts. -
+
JSON-text = ws value ws
These are the six structural characters: -
+
begin-array = ws %x5B ws ; [ left square bracket begin-object = ws %x7B ws ; { left curly bracket @@ -164,7 +163,7 @@ Insignificant whitespace is allowed before or after any of the six structural characters. -
+
ws = *( %x20 / ; Space %x09 / ; Horizontal tab @@ -178,14 +177,14 @@ A JSON value MUST be an object, array, number, or string, or one of the following three literal names: -
+
false null true
The literal names MUST be lowercase. No other literal names are allowed. -
+
value = false / null / true / object / array / number / string false = %x66.61.6c.73.65 ; false @@ -205,7 +204,7 @@ from the value. A single comma separates a value from a following name. The names within an object SHOULD be unique. -
+
object = begin-object [ member *( value-separator member ) ] end-object @@ -234,7 +233,7 @@ An array structure is represented as square brackets surrounding zero or more values (or elements). Elements are separated by commas. -
+
array = begin-array [ value *( value-separator value ) ] end-array
@@ -259,7 +258,7 @@ Numeric values that cannot be represented in the grammar below (such as Infinity and NaN) are not permitted. -
+
number = [ minus ] int [ frac ] [ exp ] decimal-point = %x2E ; . @@ -328,7 +327,7 @@ containing only the G clef character (U+1D11E) may be represented as "\uD834\uDD1E". -
+
string = quotation-mark *char quotation-mark char = unescaped / @@ -354,20 +353,23 @@
-
-JSON text SHALL be encoded in UTF-8, UTF-16, or UTF-32 - (Section 3). The default -encoding is UTF-8, and -JSON texts that are encoded in UTF-8 are interoperable in the sense that -they will be read successfully by the maximum number of implementations; there -are many implementations that cannot successfully read texts in other -encodings (such as UTF-16 and UTF-32). - -Implementations MUST NOT add a byte order mark (U+FEFF) -to the beginning of a JSON -text. In the interests of interoperability, implementations that parse JSON -texts MAY ignore the presence of a byte order mark rather than treating it as -an error. +
+ +When transmitting over a network protocol, or as a payload of a +network protocol intended to be interpreted as part of a protocol, +JSON text MUST be encoded in UTF-8 (Section 3 of ). + +Previous specifications of JSON have not required the use of UTF-8 +when transmitting JSON text. However, the vast majority of +JSON-based software implementations have chosen to use the UTF-8 +encoding, to the extent that it is the only encoding that achieves +interoperability. + +Implementations MUST NOT add a byte order mark (U+FEFF) to the +beginning of a networked-transmitted JSON text. In the interests +of interoperability, implementations that parse JSON texts MAY +ignore the presence of a byte order mark rather than treating it +as an error.
@@ -473,7 +475,7 @@
-
+
Generally, there are security issues with scripting languages. JSON is a subset of JavaScript but excludes @@ -496,7 +498,7 @@ This is a JSON object: -
+
{ "Image": { "Width": 800, @@ -518,7 +520,7 @@ This is a JSON array containing two objects: -
+
[ { "precision": "zip", @@ -544,7 +546,7 @@
Here are three small JSON texts containing only values: -
+
"Hello world!" @@ -629,7 +631,7 @@ - + Errata ID 607 RFC Errata @@ -638,7 +640,7 @@ - + Errata ID 3607 RFC Errata @@ -647,7 +649,7 @@ - + Errata ID 7159 RFC Errata @@ -656,7 +658,7 @@ - + Errata ID 7159 RFC Errata @@ -665,7 +667,7 @@ - + Errata ID 7159 RFC Errata @@ -683,15 +685,18 @@ -Section 1.2 has been updated to reflect the removal of a JSON specification + has been updated to reflect the removal of a JSON specification from ECMA-262, to make the reference to ECMA-404 normative, and to explain the particular meaning of "normative". -Section 1.3 has been updated to reflect errata filed against RFC7159, + has been updated to reflect errata filed against RFC7159, not RFC4627. -Section 12 has been updated to increase the precision of the description + was changed to require the use of UTF-8 when transmitted over a network. + + + has been updated to increase the precision of the description of the security risk that follows from using the ECMAScript "eval()" function.