Re: [Json] Leading and trailing whitespace

Nico Williams <> Tue, 11 June 2013 03:42 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id A2C9111E80D5 for <>; Mon, 10 Jun 2013 20:42:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id vuvmc4n+0DNR for <>; Mon, 10 Jun 2013 20:42:24 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id A8A2E11E80CC for <>; Mon, 10 Jun 2013 20:42:24 -0700 (PDT)
Received: from (localhost []) by (Postfix) with ESMTP id 9D110674059 for <>; Mon, 10 Jun 2013 20:42:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed;; h= mime-version:in-reply-to:references:date:message-id:subject:from :to:cc:content-type;; bh=8fhHvgavCvFz7jw4g9Xw z50A+J4=; b=gRB6j8ufnHvhLpuWMovgMOYLJaXmG2JnKug0gsrNJHMyS//LfYSg DqbIqwqmmsTku4y6Cs0LXiGvR/P+t7R/8o7hX/j9d0APCXiskyrJE/gRVS5+G8rp mDjAeBe0BwVnmTjUvhu4rCJi5g4bSMs8DqZ+jF20GPWLk5p1LsHKiSk=
Received: from ( []) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: by (Postfix) with ESMTPSA id 4E733674057 for <>; Mon, 10 Jun 2013 20:42:23 -0700 (PDT)
Received: by with SMTP id hq4so1483730wib.14 for <>; Mon, 10 Jun 2013 20:42:22 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=51uoy5VQ6omAc4HKsTb5xYXPoTBqPVFEYvkwmowXUkI=; b=fNAk8olijZhDFaExFnt4QTK/B58jeMPYSte3rcFDbGe+iVuEStPdYQD8iLbPtfxy9s UGzbD1VSPqg0Ik35TqKcO9AB+4tQuWhV1VkbsZCDAkPXL1zAGEOiNYPjkImXscs8JHxp nxDfYZUyud2KfbfAqjaiUx2dmd2unP3CzH5p1BSuFtQhgLig360RZSfOh4oD9GiT6Dqx nG4LXAYbYYkiTKOZ4PKxG581U+MwFaw6nOO2ELUuDeNP/olw6q3Nu6W5Ef6QdTmV2Sgu Z/DKlKuCRtpt+VKKNEy/FxhY0vqILSOkRCi08tD18SEEv0KvM+KYBFByTPdJkFGKDswX vvUw==
MIME-Version: 1.0
X-Received: by with SMTP id s3mr7231744wja.41.1370922142008; Mon, 10 Jun 2013 20:42:22 -0700 (PDT)
Received: by with HTTP; Mon, 10 Jun 2013 20:42:21 -0700 (PDT)
In-Reply-To: <>
References: <06c101ce6625$0f891bf0$2e9b53d0$> <> <06e901ce6638$e8f27a90$bad76fb0$> <> <070b01ce664b$e5e0ac10$b1a20430$> <>
Date: Mon, 10 Jun 2013 22:42:21 -0500
Message-ID: <>
From: Nico Williams <>
To: Paul Hoffman <>
Content-Type: text/plain; charset=UTF-8
Cc: Jim Schaad <>,
Subject: Re: [Json] Leading and trailing whitespace
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "JavaScript Object Notation \(JSON\) WG mailing list" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 11 Jun 2013 03:42:29 -0000

On Mon, Jun 10, 2013 at 9:53 PM, Paul Hoffman <> wrote:
> On Jun 10, 2013, at 7:32 PM, "Jim Schaad" <> wrote:
> You might be asking "if we allow other JSON items at the top level, will we also allow optional whitespace before and after". But that's a supposition, not a question about what is in the document now.

Sure, but since we're full-out having the any value type at the
top-level discussion (and it looks like we'll at least have to have
informational text acknowledging that ECMAScript will allow them) this
becomes relevant.

Do implementations that allow any value type at the top-level allow
leading and/or trailing whitespace?

*Should* they?

IMO the intuitive answer to the last should be "yes", that arbitrary
amounts of whitespace can surround any value regardless of where it
appears.  But my intuition could be wrong.

> You have changed the subject of the question, then. You were asking about the top level, without a container. I claim my answer is correct for the question you asked.

Well, that's what happens when people have discussions...  :)

> None of the objects other than arrays and objects have optional whitespace. None.

Indeed.  But that might need to change with the top-level value type
discussion.  Or if not "need", we might want it to anyways.

>> Yes -but what I am saying is that there are (probably) parsers which stop
>> before the string has been fully consumed.  Thus they would accept the
>> string as valid.
> There are (probably) parsers that do all sorts of stupid, non-conformant things. Why is that relevant here?

Actually, that seems very relevant for the Security Considerations
section.  What should parsers do with any content left over after
parsing the end of a top-level value?

Trailing whitespace would allow parsers to delimit top-level numeric
values when end-of-message might be hard to distinguish from a TCP

Trailing content might allow smuggling of data past a JSON parser,
where it could do damage (e.g., get past deep packet inspectors).

Perhaps the simplest thing to do would be to allow just one space to
trail top-level values.