From 7186d4c70fb240a7a4facbc70446ec8ea2f53b27 Mon Sep 17 00:00:00 2001 From: Rob Pilling Date: Mon, 27 Nov 2023 08:43:28 +0000 Subject: [PATCH] JSON.parse(): bail if we don't get a string key (in non-relaxed mode) --- src/jswrap_json.c | 6 +++--- tests/test_json_object.js | 20 +++++++++++++++++++- 2 files changed, 22 insertions(+), 4 deletions(-) diff --git a/src/jswrap_json.c b/src/jswrap_json.c index 7fcb89958d..336d44f036 100644 --- a/src/jswrap_json.c +++ b/src/jswrap_json.c @@ -138,9 +138,9 @@ JsVar *jswrap_json_parse_internal(JSONFlags flags) { JsVar *obj = jsvNewObject(); if (!obj) return 0; jslGetNextToken(); // { while ((lex->tk == LEX_STR || lex->tk == LEX_ID) && !jspHasError()) { - if (!(flags&JSON_DROP_QUOTES)) { - jslMatch(LEX_STR); - return obj; + if (!(flags&JSON_DROP_QUOTES) && !jslMatch(LEX_STR)) { + jsvUnLock(obj); + return 0; } JsVar *key = jsvAsArrayIndexAndUnLock(jslGetTokenValueAsVar()); jslGetNextToken(); diff --git a/tests/test_json_object.js b/tests/test_json_object.js index 604ae427f3..863ef12fbd 100644 --- a/tests/test_json_object.js +++ b/tests/test_json_object.js @@ -1,6 +1,24 @@ // JSON shouldn't print stuff like __proto__ and constructor -function A() {} +function A() {} var a = new A(); result = JSON.stringify(a)=="{}"; + +function assertEq(a, b) { + if (typeof a === "object") + // note: doesn't check keys in b + for (var k in a) + assertEq(a[k], b[k]); + else if (a !== b) + throw new Error("mismatch, " + a + " != " + b); +} + +// no exceptions thrown: +assertEq(JSON.parse('{"a": 1}'), {"a": 1}); +assertEq(JSON.parse('["4", 5, "six"]'), ["4", 5, "six"]); +assertEq(JSON.parse('["4", 5, "six", {"x": 5}]'), ["4", 5, "six", {"x": 5}]); +assertEq(JSON.parse('""'), ""); +assertEq(JSON.parse('5'), 5); +assertEq(JSON.parse('[]'), []); +assertEq(JSON.parse('{}'), {});