Closed char0n closed 7 months ago
It's also worth considering if encodeURIComponent
and decodeURIComponent
should be used at all as the specification says the following:
Evaluation of each reference token begins by decoding any escaped character sequence. This is performed by first transforming any occurrence of the sequence
'~1'
to'/'
, and then transforming any occurrence of the sequence'~0'
to'~'
.
This is little ambiguous as it's first tells us to that it begins by decoding any escaped character sequence
but then it enumerates exactly two decoding operations that needs to be performed.
Agreed, I think we do a bit too much string encoding in general. Would be better to fallback to explicit implementations of these schemas. For now I've implemented it in v11.2.4
Thanks a lot!
Hi,
I've noticed that implementation of JSON Pointer parsing is not compliant with RFC 6901, nor it's safe (throws error). The issue is with decodeURIComponent, which trows error in certain character sequences which are valid JSON Pointers.
Steps to Reproduce
/c%d
- is valid JSON Pointer according to the RFC 6901 (section 5), which has a nice example suitable for creating a test suite for the implementation:Remediation
Remediation might be introduced by safe variant of
decodeURIComponent
that will look as follows:This safe version at least gives us chance to evaluate the JSON Pointer against the structure, even though not all character sequences might get decoded.