Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Catalyst: Users

Re: Catalyst::Controller:REST and JSON vs JSONP issue

 

 

Catalyst users RSS feed   Index | Next | Previous | View Threaded


jspath at pangeamedia

Aug 26, 2011, 5:41 AM

Post #1 of 2 (393 views)
Permalink
Re: Catalyst::Controller:REST and JSON vs JSONP issue

On Fri, Aug 26, 2011 at 7:32 AM, Dave Howorth
<dhoworth [at] mrc-lmb> wrote:
> There's a mail from Jim Spath in the pipermail archive that didn't make
> it to the other archives (or to my inbox). It hasn't had any answers so
> I'd suggest he repost it.

Thanks Dave!

Here it is:

So it turns out there are certain characters that are perfectly legal
JSON that are NOT legal JavaScript:

http://timelessrepo.com/json-isnt-a-javascript-subset

We have run into this problem in our application which uses
Catalyst::Controller::REST to output certain data as JSON or JSONP.

Catalyst::Controller::REST first encodes the data as JSON, and then to
create JSONP, simply wraps the JSON in a callback function, and no
attempt is made to deal with possible illegal characters.

I believe a solution would involve replacing the illegal characters in
Catalyst::Action::Serialize::JSON before the string is wrapped in the
callback function.

Has anyone else run into this problem?

> FWIW, IMHO the issue is better fixed in JSON::XS et al than in
> Catalyst::Action::Serialize::JSON. I don't see why JSON can't always
> encode the two problematic characters.

I suppose it could be in JSON::XS .. but JSON::XS is doing nothing
wrong ... the two characters are perfectly valid JSON ... but they are
NOT valid in JavaScript.

Perhaps it could be an option in JSON::XS?

- Jim

_______________________________________________
List: Catalyst [at] lists
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst [at] lists/
Dev site: http://dev.catalyst.perl.org/


dhoworth at mrc-lmb

Aug 26, 2011, 5:57 AM

Post #2 of 2 (375 views)
Permalink
Re: Catalyst::Controller:REST and JSON vs JSONP issue [In reply to]

James Spath wrote:
>> FWIW, IMHO the issue is better fixed in JSON::XS et al than in
>> Catalyst::Action::Serialize::JSON. I don't see why JSON can't always
>> encode the two problematic characters.
>
> I suppose it could be in JSON::XS .. but JSON::XS is doing nothing
> wrong ... the two characters are perfectly valid JSON ... but they are
> NOT valid in JavaScript.

That's strictly true, but neither is it doing anything wrong by encoding
the two characters. From the spec <http://www.ietf.org/rfc/rfc4627.txt>:
"Any character may be escaped. If the character is in the Basic
Multilingual Plane (U+0000 through U+FFFF), then it may be
represented as a six-character sequence: a reverse solidus, followed
by the lowercase letter u, followed by four hexadecimal digits that
encode the character's code point."

And it's going against the spirit of the specification, which says, in
section 6 under Security considerations:
"JSON is a subset of JavaScript".

It appears to be a simple oversight in the specification.

> Perhaps it could be an option in JSON::XS?

Well that would fit with TMTOWDTI but I'd suggest asking the world
whether anybody has a use case before adding the complication :)

Cheers, Dave

_______________________________________________
List: Catalyst [at] lists
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst [at] lists/
Dev site: http://dev.catalyst.perl.org/

Catalyst users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.