On Tue, 23 Feb 2021 at 18:46, Rowan Tommins <rowan.coll...@gmail.com> wrote:
> On 23/02/2021 18:21, Pavel Djundik via internals wrote: > > See https://nigeltao.github.io/blog/2021/json-with-commas-comments.html > > for more information. > > ... > > Perhaps this could be disabled by default and made opt-in with a > > option flag? json_decode already supports passing in options. > > The risk is that this opens the gate for a complex set of "quirks flags" > like the referenced Wuffs library I'm not against making changes to JSON parsing, but you're right about complexity, it can cause issues, especially if the JSON string is coming from an un-trusted source, e.g. https://labs.bishopfox.com/tech-blog/an-exploration-of-json-interoperability-vulnerabilities { "description": "Duplicate with comments", "test": 2, "extra": /*, "test": 1, "extra2": */ } Is this comment a problem (parse error), ignored so 'test' is set to 1 (assuming the duplicate key is allowed and the value is replaced), or handled as a comment so 'test' remains with the value 2? Craig
