diff --git a/src/jsx_decoder.erl b/src/jsx_decoder.erl index bc1aa32..6d31e74 100644 --- a/src/jsx_decoder.erl +++ b/src/jsx_decoder.erl @@ -283,7 +283,7 @@ string(Bin, Handler, Stack, Opts) -> %% we don't need to guard against partial utf here, because it's already taken %% care of in string. theoretically, the last clause of noncharacter/4 is %% unreachable -%% non-characters erlang doesn't recognize as non-characters, idiotically +%% non-characters erlang doesn't recognize as non-characters noncharacter(<>, Handler, [Acc|Stack], Opts) when ?is_noncontrol(S) -> string(Rest, Handler, [?acc_seq(Acc, 16#fffd)|Stack], Opts); @@ -335,15 +335,6 @@ escaped_unicode(<>, Handler, [[C,B,A], Acc|Stack], Opts) ; false -> ?error([<>, Handler, [[C,B,A], Acc|Stack], Opts]) end - %% allowing interchange of null bytes allows attackers to forge - %% malicious streams - ; X when X == 16#0000 -> - case Opts#opts.loose_unicode of - true -> - string(Rest, Handler, [?acc_seq(Acc, 16#fffd)|Stack], Opts) - ; false -> - ?error([<>, Handler, [[C,B,A], Acc|Stack], Opts]) - end %% anything else ; X -> string(Rest, Handler, [?acc_seq(Acc, X)|Stack], Opts) @@ -779,13 +770,6 @@ reserved_test_() -> ?_assertEqual(check_replaced(reserved_space()), []) } ]. - -zero_test_() -> - [ - {"nullbyte - badjson", - ?_assertEqual(check_bad(zero()), []) - } - ]. good_characters_test_() -> [ @@ -848,8 +832,6 @@ control_characters() -> lists:seq(1, 31). reserved_space() -> lists:seq(16#fdd0, 16#fdef). -zero() -> [0]. - good() -> [32, 33] ++ lists:seq(16#23, 16#5b) ++ lists:seq(16#5d, 16#d7ff) diff --git a/test/cases/escaped_nullbyte_replaced.json b/test/cases/escaped_nullbyte_replaced.json deleted file mode 100644 index ed6780d..0000000 --- a/test/cases/escaped_nullbyte_replaced.json +++ /dev/null @@ -1 +0,0 @@ -"\u0000" \ No newline at end of file diff --git a/test/cases/escaped_nullbyte_replaced.test b/test/cases/escaped_nullbyte_replaced.test deleted file mode 100644 index 785acc8..0000000 --- a/test/cases/escaped_nullbyte_replaced.test +++ /dev/null @@ -1,4 +0,0 @@ -{name, "escaped nullbyte replaced"}. -{jsx, [{string,<<16#fffd/utf8>>},end_json]}. -{json, "escaped_nullbyte_replaced.json"}. -{jsx_flags, [loose_unicode]}. \ No newline at end of file diff --git a/test/cases/nullbyte_forbidden.json b/test/cases/nullbyte_forbidden.json deleted file mode 100644 index ed6780d..0000000 --- a/test/cases/nullbyte_forbidden.json +++ /dev/null @@ -1 +0,0 @@ -"\u0000" \ No newline at end of file diff --git a/test/cases/nullbyte_forbidden.test b/test/cases/nullbyte_forbidden.test deleted file mode 100644 index 2feb2f2..0000000 --- a/test/cases/nullbyte_forbidden.test +++ /dev/null @@ -1,3 +0,0 @@ -{name, "nullbyte forbidden"}. -{jsx, {error, badjson}}. -{json, "nullbyte_forbidden.json"}. \ No newline at end of file diff --git a/test/cases/nullbyte_replaced.json b/test/cases/nullbyte_replaced.json deleted file mode 100644 index ed6780d..0000000 --- a/test/cases/nullbyte_replaced.json +++ /dev/null @@ -1 +0,0 @@ -"\u0000" \ No newline at end of file diff --git a/test/cases/nullbyte_replaced.test b/test/cases/nullbyte_replaced.test deleted file mode 100644 index 9a909eb..0000000 --- a/test/cases/nullbyte_replaced.test +++ /dev/null @@ -1,4 +0,0 @@ -{name, "nullbyte replaced"}. -{jsx, [{string,<<16#fffd/utf8>>},end_json]}. -{json, "nullbyte_replaced.json"}. -{jsx_flags, [loose_unicode]}. \ No newline at end of file