diff options
| author | Bob Ippolito <bob@redivi.com> | 2008-03-23 05:27:52 +0000 |
|---|---|---|
| committer | Bob Ippolito <bob@redivi.com> | 2008-03-23 05:27:52 +0000 |
| commit | ddaa1c328be014f4ab3d1e9e7dc3b2484a0fd2d7 (patch) | |
| tree | bf3512c2c18e3b88b5978e2590fe968fbd796fd1 | |
| parent | 12a5916de434c7c29ea82103e2c38cb7ad269958 (diff) | |
| download | simplejson-ddaa1c328be014f4ab3d1e9e7dc3b2484a0fd2d7.tar.gz | |
bump version to 1.8, remove </script> attack prevention (escaping of /), revert to accurate numbers and an appropriate test
git-svn-id: http://simplejson.googlecode.com/svn/trunk@66 a4795897-2c25-0410-b006-0d3caba88fa1
| -rw-r--r-- | setup.py | 2 | ||||
| -rw-r--r-- | simplejson/__init__.py | 2 | ||||
| -rw-r--r-- | simplejson/_speedups.c | 3 | ||||
| -rw-r--r-- | simplejson/encoder.py | 2 | ||||
| -rw-r--r-- | simplejson/tests/test_attacks.py | 6 | ||||
| -rw-r--r-- | simplejson/tests/test_float.py | 8 |
6 files changed, 8 insertions, 15 deletions
@@ -18,7 +18,7 @@ from distutils.command.build_ext import build_ext from distutils.errors import CCompilerError, DistutilsExecError, \ DistutilsPlatformError -VERSION = '1.7.5' +VERSION = '1.8' DESCRIPTION = "Simple, fast, extensible JSON encoder/decoder for Python" LONG_DESCRIPTION = """ simplejson is a simple, fast, complete, correct and extensible diff --git a/simplejson/__init__.py b/simplejson/__init__.py index 615b2f3..f7adfa7 100644 --- a/simplejson/__init__.py +++ b/simplejson/__init__.py @@ -86,7 +86,7 @@ Extending JSONEncoder:: Note that the JSON produced by this module's default settings is a subset of YAML, so it may be used as a serializer for that as well. """ -__version__ = '1.7.5' +__version__ = '1.8' __all__ = [ 'dump', 'dumps', 'load', 'loads', 'JSONDecoder', 'JSONEncoder', diff --git a/simplejson/_speedups.c b/simplejson/_speedups.c index 4aec693..053369a 100644 --- a/simplejson/_speedups.c +++ b/simplejson/_speedups.c @@ -21,7 +21,7 @@ static PyObject * py_encode_basestring_ascii(PyObject* self UNUSED, PyObject *pystr); void init_speedups(void); -#define S_CHAR(c) (c >= ' ' && c <= '~' && c != '\\' && c != '/' && c != '"') +#define S_CHAR(c) (c >= ' ' && c <= '~' && c != '\\' && c != '"') #define MIN_EXPANSION 6 #ifdef Py_UNICODE_WIDE @@ -35,7 +35,6 @@ ascii_escape_char(Py_UNICODE c, char *output, Py_ssize_t chars) { Py_UNICODE x; output[chars++] = '\\'; switch (c) { - case '/': output[chars++] = (char)c; break; case '\\': output[chars++] = (char)c; break; case '"': output[chars++] = (char)c; break; case '\b': output[chars++] = 'b'; break; diff --git a/simplejson/encoder.py b/simplejson/encoder.py index 87ad6f4..7827deb 100644 --- a/simplejson/encoder.py +++ b/simplejson/encoder.py @@ -10,8 +10,6 @@ except ImportError: ESCAPE = re.compile(r'[\x00-\x1f\\"\b\f\n\r\t]') ESCAPE_ASCII = re.compile(r'([\\"/]|[^\ -~])') ESCAPE_DCT = { - # escape all forward slashes to prevent </script> attack - '/': '\\/', '\\': '\\\\', '"': '\\"', '\b': '\\b', diff --git a/simplejson/tests/test_attacks.py b/simplejson/tests/test_attacks.py deleted file mode 100644 index 8ecfed8..0000000 --- a/simplejson/tests/test_attacks.py +++ /dev/null @@ -1,6 +0,0 @@ -def test_script_close_attack(): - import simplejson - res = simplejson.dumps('</script>') - assert '</script>' not in res - res = simplejson.dumps(simplejson.loads('"</script>"')) - assert '</script>' not in res diff --git a/simplejson/tests/test_float.py b/simplejson/tests/test_float.py index 9ac1632..bcec143 100644 --- a/simplejson/tests/test_float.py +++ b/simplejson/tests/test_float.py @@ -1,4 +1,6 @@ +import simplejson +import math + def test_floats(): - import simplejson - for num in [1617161771.7650001]: - assert simplejson.dumps(num) == str(num) + for num in [1617161771.7650001, math.pi, math.pi**100, math.pi**-100]: + assert float(simplejson.dumps(num)) == num |