Open
Description
opened on Oct 3, 2024
Rule details
Fail on values that aren't safe for interchange
What type of rule is this?
Warns about a potential problem
Example code
Per https://socket.dev/blog/judicious-json
Some values of JSON do not coerce safely across different situations.
- Non-finite numbers. They can coerce to infinity or other precision loss.
```js
// 'null'
JSON.stringify(Number.MAX_VALUE * 10)
// Infinity
JSON.parse('2e309')
```
- Lone surrogates. These actually throw errors in various libs.
```js
let serialized = JSON.stringify("🔥"[0]);
// '"\\uD83D"' - note extra \
JSON.parse(serialized);
// "\uD83D"
```
- Array/string bounds. These have hard limits in some languages like JS.
This isn't feasible to show an example of. Only affects very large data. Uncommon and easily skipped usually.
Participation
- I am willing to submit a pull request to implement this rule.
Additional comments
No response
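A sketch of the check this issue describes, added here as an illustration and not taken from the issue or from any existing linter rule: it scans JSON text for number literals that become non-finite or lose integer precision in JavaScript, and for strings (keys included) that decode to lone surrogates. The names `findUnsafeJsonValues`, `TOKEN`, `LONE_SURROGATE` and the `problem` labels are hypothetical, and the sample input is constructed.

```javascript
// Added example: flag JSON values that do not survive interchange.
// All names here are hypothetical; this is not an existing rule's code.

// Matches string tokens first, so digits inside strings are never read as numbers.
const TOKEN = /"(?:[^"\\]|\\.)*"|-?\d+(?:\.\d+)?(?:[eE][+-]?\d+)?/g;

// A high surrogate with no low one after it, or a low one with no high one before it.
const LONE_SURROGATE =
  /[\uD800-\uDBFF](?![\uDC00-\uDFFF])|(?<![\uD800-\uDBFF])[\uDC00-\uDFFF]/;

function findUnsafeJsonValues(text) {
  // Throws SyntaxError on invalid JSON, so the scan below only sees valid tokens.
  JSON.parse(text);
  const findings = [];
  for (const match of text.matchAll(TOKEN)) {
    const raw = match[0];
    const offset = match.index;
    if (raw[0] === '"') {
      // Decode escapes such as \uD83D before testing the code units.
      if (LONE_SURROGATE.test(JSON.parse(raw))) {
        findings.push({ offset, raw, problem: "lone-surrogate" });
      }
      continue;
    }
    const value = Number(raw);
    if (!Number.isFinite(value)) {
      // e.g. 2e309 parses to Infinity and re-serializes as null
      findings.push({ offset, raw, problem: "non-finite" });
    } else if (/^-?\d+$/.test(raw) && !Number.isSafeInteger(value)) {
      // integer literal outside the range a double represents exactly
      findings.push({ offset, raw, problem: "unsafe-integer" });
    }
  }
  return findings;
}

// Constructed sample: three unsafe values, one valid surrogate pair, one plain number.
const sample = String.raw`{"big": 2e309, "id": 9007199254740993, "s": "\uD83D", "ok": "\uD83D\uDD25", "n": 1.5}`;

for (const f of findUnsafeJsonValues(sample)) {
  console.log(`${f.problem} at offset ${f.offset}: ${f.raw}`);
}
```

This covers the parsing side only; values that `JSON.stringify` silently rewrites, such as `Infinity` becoming `null`, have to be checked on the in-memory value before serializing.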