Notes:
Merged: https://github.com/ruby/ruby/pull/12003
|
|
https://github.com/ruby/json/commit/fb25e94aea
|
|
Co-authored-by: Jean Boussier <[email protected]>
|
|
It is rather common to directly interpolate JSON strings inside
<script> tags in HTML so as to provide configuration or parameters to a
script.
However, this may lead to XSS vulnerabilities; to prevent that, 3
characters need to be escaped:
- `/` (forward slash)
- `U+2028` (LINE SEPARATOR)
- `U+2029` (PARAGRAPH SEPARATOR)
The forward slash needs to be escaped to prevent closing the script
tag early, and the other two are valid JSON but invalid JavaScript
and can be used to break JS parsing.
Given that the intent of escaping forward slash is the same as escaping
U+2028 and U+2029, I chose to rename and repurpose the existing `escape_slash`
option.
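Added example, not code from this commit or from the json gem: the escaping described in the commit message above, applied as a post-processing step on generated JSON so the effect can be checked on any json version. `script_safe_json`, `inline_config` and the `SAMPLE` data are hypothetical names and constructed values.

```ruby
require "json"

# Hypothetical helper, not the json gem's implementation: escapes the three
# characters named in the commit message after normal JSON generation.
SCRIPT_ESCAPES = {
  "/"      => "\\/",      # keeps "</script>" from closing the tag early
  "\u2028" => "\\u2028",  # LINE SEPARATOR: valid JSON, can break JS parsing
  "\u2029" => "\\u2029",  # PARAGRAPH SEPARATOR: same problem
}.freeze

# These characters can only occur inside JSON string values, never in JSON
# structure, so replacing them in the serialized text keeps it valid JSON
# that parses back to the same data.
def script_safe_json(obj)
  JSON.generate(obj).gsub(/[\/\u2028\u2029]/, SCRIPT_ESCAPES)
end

# Hypothetical template step: interpolate serialized JSON into a script tag.
def inline_config(json)
  "<script>window.CONFIG = #{json};</script>"
end

# Constructed sample: one value closes the script element, the other carries
# the two separators that JSON allows unescaped.
SAMPLE = {
  "title" => "</script><p>injected",
  "note"  => "line\u2028sep\u2029end",
}.freeze

if __FILE__ == $PROGRAM_NAME
  puts inline_config(JSON.generate(SAMPLE))   # element is closed by the data
  puts inline_config(script_safe_json(SAMPLE)) # data stays inside the string
end
```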
|
|
This change fixes an incorrect `#` position in the API documentation of the `JSON` module.
https://github.com/flori/json/commit/dc4b62424f
|
|
https://github.com/flori/json/commit/e4eead665c
Notes:
Merged: https://github.com/ruby/ruby/pull/3581
|
|
https://github.com/flori/json/commit/20d7be605a
Notes:
Merged: https://github.com/ruby/ruby/pull/3581
|
|
https://github.com/flori/json/commit/470d909c0d
|
|
https://github.com/flori/json/commit/7bee2c7c13
|
|
https://github.com/flori/json/commit/e7e3732130
|
|
https://github.com/flori/json/commit/3845491d92
|
|
https://github.com/flori/json/commit/4ede0a7d19
|
|
This text used to be true in older versions of json, but has not
been true for a number of years (since json version 2 I think).
https://github.com/flori/json/commit/373b633f38
|
|
It only fixes styles of frozen string literal.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55671 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
g -L frozen_string_literal ext/**/*.rb|xargs ruby -Ka -e'ARGV.each{|fn|puts
fn;open(fn,"r+"){|f|s=f.read.sub(/\A(#!.*\n)?(#.*coding.*\n)?/,"\\&#
frozen_string_literal: false\n");f.rewind;f.write s}}'
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53143 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
cross-compile environment.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@50267 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[fix GH-867][Feature #11057]
* test/ruby/test_extlibs.rb: removed json gem from existence extensions.
* gems/bundled_gems: added json gem into bundled gem.
* lib/rdoc/rubygems_hook.rb: ignored no json environment.
* lib/rubygems/test_case.rb, test/rubygems/*: ditto.
* lib/rdoc/test_case.rb, test/rdoc/*: ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@50231 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@39046 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[Bug #5173] [ruby-core:38866]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33122 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[Bug #4700]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32493 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@26811 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@24727 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@23346 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@22784 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
--
M trunk/ChangeLog
D trunk/lib/json
D trunk/lib/json.rb
A trunk/ext/json/lib
A trunk/ext/json/lib/json
A trunk/ext/json/lib/json.rb
A trunk/ext/json/extconf.rb
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@14100 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|