Integers outside the range [-2 ^ 53 + 1, 2 ^ 53 - 1]
Floats
NaN, Infinity, -Infinity
... which should mean that it is impossible to sign a federation request containing such values, so all such requests should be rejected. However AFAICT Synapse does not enforce this.
Canonicaljson is used in a couple of other places too (3pid invites, E2EE, etc), and the same considerations apply there.
richvdh
commented
1 year ago
The canonicaljson spec says that json requests cannot contain:
[-2 ^ 53 + 1, 2 ^ 53 - 1]... which should mean that it is impossible to sign a federation request containing such values, so all such requests should be rejected. However AFAICT Synapse does not enforce this.
Canonicaljson is used in a couple of other places too (3pid invites, E2EE, etc), and the same considerations apply there.