[Catalyst] Catalyst::Controller:REST and JSON vs JSONP issue
Dave Howorth
dhoworth at mrc-lmb.cam.ac.uk
Fri Aug 26 12:57:55 GMT 2011
James Spath wrote:
>> FWIW, IMHO the issue is better fixed in JSON::XS et al than in
>> Catalyst::Action::Serialize::JSON. I don't see why JSON can't always
>> encode the two problematic characters.
>
> I suppose it could be in JSON::XS .. but JSON::XS is doing nothing
> wrong ... the two characters are perfectly valid JSON ... but they are
> NOT valid in JavaScript.
That's strictly true, but neither is it doing anything wrong by encoding
the two characters. From the spec <http://www.ietf.org/rfc/rfc4627.txt>:
"Any character may be escaped. If the character is in the Basic
Multilingual Plane (U+0000 through U+FFFF), then it may be
represented as a six-character sequence: a reverse solidus, followed
by the lowercase letter u, followed by four hexadecimal digits that
encode the character's code point."
And it's going against the spirit of the specification, which says, in
section 6 under Security considerations:
"JSON is a subset of JavaScript".
It appears to be a simple oversight in the specification.
> Perhaps it could be an option in JSON::XS?
Well that would fit with TMTOWDTI but I'd suggest asking the world
whether anybody has a use case before adding the complication :)
Cheers, Dave
More information about the Catalyst
mailing list