Re: [Json] [Technical Errata Reported] RFC8259 (7673)

Joe Hildebrand <hildjj@cursive.net> Wed, 11 October 2023 14:17 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/json/vD1gJfV9TntZ1svvnC2ibuCNgNY>

Suggested resolution: reject

RFC 8259's ABNF is quite clear that these codepoints are allowed: "unescaped = %x20-21 / %x23-5B / %x5D-10FFFF"

ECMA-404 agrees: "the control characters U+0000 to U+001F".

json.org's wording is awkward, but still clear: "any of the Unicode code points except the 32 control codes and "double quote"

Here is some JS to prove it got implemented this way:

```
JSON.parse('"\x7f"')
```

The approach in the errata might have been the correct one to have been specified, but it wasn't.  Even if we had wanted to make this change, it was far too late by the time RFC 4627 was written. 

— 
Joe Hildebrand

> On Oct 11, 2023, at 12:56 AM, RFC Errata System <rfc-editor@rfc-editor.org> wrote:
> 
> The following errata report has been submitted for RFC8259,
> "The JavaScript Object Notation (JSON) Data Interchange Format".
> 
> --------------------------------------
> You may review the report below and at:
> https://www.rfc-editor.org/errata/eid7673
> 
> --------------------------------------
> Type: Technical
> Reported by: Zachary Collier (Zamicol) <zachmcollier@gmail.com>
> 
> Section: 7
> 
> Original Text
> -------------
> The representation of strings is similar to conventions used in the C family
> of programming languages.  A string begins and ends with quotation marks. All
> Unicode characters may be placed within the quotation marks, except for the
> characters that MUST be escaped: quotation mark, reverse solidus, and the
> control characters (U+0000 through U+001F).
> 
> Corrected Text
> --------------
> The representation of strings is similar to conventions used in the C family
> of programming languages.  A string begins and ends with quotation marks.  All
> Unicode characters may be placed within the quotation marks, except for the
> characters that MUST be escaped: quotation mark, reverse solidus, and the
> control characters (U+0000 through U+001F, U+007F, and U+0080 through
> U+009F).
> 
> 
> Notes
> -----
> There are 33 7-bit control characters, but the JSON RFC only listed 32 by
> omitting the inclusion of the last control character in the 7-bit ASCII range,
> 'del.'  However, JSON is not limited to 7-bit ASCII; it is Unicode.  Unicode
> encompasses 65 control characters from U+0080 to U+009F, totaling an additional
> 32 characters.  The section that currently reads "U+0000 through U+001F" should
> include these additional control characters reading as "U+0000 through U+001F,
> U+007F, and U+0080 through U+009F"
> 
> Instructions:
> -------------
> This erratum is currently posted as "Reported". If necessary, please
> use "Reply All" to discuss whether it should be verified or
> rejected. When a decision is reached, the verifying party  
> can log in to change the status and edit the report, if necessary. 
> 
> --------------------------------------
> RFC8259 (draft-ietf-jsonbis-rfc7159bis-04)
> --------------------------------------
> Title               : The JavaScript Object Notation (JSON) Data Interchange Format
> Publication Date    : December 2017
> Author(s)           : T. Bray, Ed.
> Category            : INTERNET STANDARD
> Source              : Javascript Object Notation Update
> Area                : Applications and Real-Time
> Stream              : IETF
> Verifying Party     : IESG
> 
> _______________________________________________
> json mailing list
> json@ietf.org
> https://www.ietf.org/mailman/listinfo/json
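
The following is an added example, not part of the original message or the quoted erratum. It sweeps U+0000 through U+009F to compare the `unescaped` ABNF rule quoted above with what `JSON.parse` accepts, then shows a stricter producer that escapes U+007F through U+009F on output while staying valid JSON; the function names and sample input are hypothetical.

```javascript
// Added example; helper names are hypothetical, inputs are constructed.
// RFC 8259 ABNF: unescaped = %x20-21 / %x23-5B / %x5D-10FFFF
function isUnescapedAllowed(cp) {
  return (cp >= 0x20 && cp <= 0x21) ||
         (cp >= 0x23 && cp <= 0x5b) ||
         (cp >= 0x5d && cp <= 0x10ffff);
}

// True if JSON.parse accepts the code point raw inside a string literal.
function parserAcceptsRaw(cp) {
  const ch = String.fromCodePoint(cp);
  try {
    return JSON.parse('"' + ch + '"') === ch;
  } catch (e) {
    return false; // SyntaxError: this character must be escaped
  }
}

// Code points in [from, to] where the grammar and the parser disagree.
function disagreements(from, to) {
  const out = [];
  for (let cp = from; cp <= to; cp++) {
    if (isUnescapedAllowed(cp) !== parserAcceptsRaw(cp)) out.push(cp);
  }
  return out;
}

// Stricter producer: JSON.stringify leaves DEL and the C1 controls raw,
// so rewrite them as \u00XX. Those characters can only occur inside
// string tokens of the output, and never directly after an unpaired
// backslash, so the result is valid JSON that decodes to the same value.
function stringifyEscapingControls(value) {
  return JSON.stringify(value).replace(/[\u007f-\u009f]/g, (c) =>
    '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

const sample = { msg: 'a\u007fb\u009bc' }; // constructed input
console.log(disagreements(0x00, 0x9f));          // grammar vs. parser
console.log(JSON.stringify(sample));             // DEL and U+009B stay raw
console.log(stringifyEscapingControls(sample));  // escaped form
```

A consumer that renders decoded strings to a terminal or log still has to handle these characters itself, since both forms decode to the same value.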