Comments (5)
Well, I have to admit, you certainly did your homework, more so than most people. :)
Just one question... did you read the README.md? :)
from jsonkit.
Well, look at that, a whole paragraph for this exact issue. :-)
I do disagree, since I think JSONKit should just do the right thing and let the user deal with the security implications. Most users will be using NSString anyway, which does handle null characters correctly. However, yours is a perfectly valid decision.
I would request a more specific error message for this particular case, at least (e.g. "\u0000 is not allowed for security reasons, use JKParseOptionLooseUnicode"). Whether this is practical is up to you. It would have saved me an hour of research, but this is an obscure case.
BTW, the trigger was that I'm dealing with JSON from ID3 (MP3) tags from a large database of media files. Lots of null characters in there for inexplicable reasons.
Thanks for the library!
from jsonkit.
Bump. I would like to see this fixed too. I agree that the security issue is mitigated by using the NSString class, and valid Unicode and JSON should be respected.
from jsonkit.
+1
from jsonkit.
I'm busy writing my own UTF-8 library, and stumbled into the same issue. Right now I'm leaning towards not supporting U+0000 at all, for the same reasons as JSONKit. I'm curious to know if anyone has any real-world stories of a case where it was essential to support decoding U+0000? Is it possible that the ID3 tags mentioned above by @adamjernst were crafted with malicious intent, or that they were simply the result of buggy software that produced them?
from jsonkit.
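The trade-off discussed in this thread, as an added example that is not JSONKit's code or any commenter's: a narrowed C decoder that either refuses `\u0000` with its own error code or stores it, in which case the decoded length and `strlen()` disagree. The function name, error codes and sample input are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical result codes for this example (not JSONKit's). */
enum { DEC_OK = 0, DEC_NUL_REJECTED = -1, DEC_BAD_INPUT = -2, DEC_NO_SPACE = -3 };

static int hexval(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20;                                    /* fold A-F to a-f */
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Decode the text between the quotes of a JSON string into out and report the
 * true byte count in *out_len. Narrowed to literal bytes and \uXXXX escapes
 * below U+0080. allow_nul == 0 refuses \u0000 with its own error code. */
int decode_json_string(const char *in, size_t in_len, char *out, size_t cap,
                       size_t *out_len, int allow_nul) {
    size_t i = 0, n = 0;
    if (cap == 0) return DEC_NO_SPACE;
    while (i < in_len) {
        unsigned cp = (unsigned char)in[i++];
        if (cp < 0x20) return DEC_BAD_INPUT;      /* raw control bytes are not valid JSON */
        if (cp == '\\') {
            if (in_len - i < 5 || in[i] != 'u') return DEC_BAD_INPUT;
            cp = 0;
            for (int k = 1; k <= 4; k++) {
                int h = hexval(in[i + k]);
                if (h < 0) return DEC_BAD_INPUT;
                cp = cp * 16 + (unsigned)h;
            }
            if (cp > 0x7F) return DEC_BAD_INPUT;  /* outside this sketch's scope */
            if (cp == 0 && !allow_nul) return DEC_NUL_REJECTED;
            i += 5;
        }
        if (n + 1 >= cap) return DEC_NO_SPACE;
        out[n++] = (char)cp;
    }
    out[n] = '\0';
    *out_len = n;
    return DEC_OK;
}

int main(void) {
    const char tag[] = "Title\\u0000pad";         /* constructed sample input */
    char out[32]; size_t len = 0;
    int strict = decode_json_string(tag, strlen(tag), out, sizeof out, &len, 0);
    int loose = decode_json_string(tag, strlen(tag), out, sizeof out, &len, 1);
    printf("strict=%d loose=%d len=%zu strlen=%zu\n", strict, loose, len, strlen(out));
    return 0;
}
```

A consumer that carries the explicit length, as NSString does, sees every decoded byte; one that treats the buffer as a C string stops at the embedded NUL.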