https://issues.dlang.org/show_bug.cgi?id=14727
Issue ID: 14727
Summary: std.json incorrectly supports inf and nan
Product: D
Version: D2
Hardware: x86_64
OS: Linux
Status: NEW
Severity: normal
Priority: P1
Component: phobos
Assignee: [email protected]
Reporter: [email protected]
The JSON specification intentionally leaves out encodings for Infinity and NaN
as these are global variables in javascript that can be replaced with something
malicious.
std.json currently encodes double.infinity as inf and double.nan as nan. These
variables can also be replaced with malicious versions.
The correct encoding for double.infinity, -double.infinity and double.nan is
null.
import std.json;
void main()
{
assert(JSONValue(double.infinity).toString == "null");
assert(JSONValue(-double.infinity).toString == "null");
assert(JSONValue(double.nan).toString == "null");
}
--
