Number Serialization Bug/Feature
Anders Rundgren
anders.rundgren.net at gmail.com
Thu Dec 28 11:02:46 UTC 2017
Hi All,
A number of JS tools including Node.js, Chrome, Firefox, and Safari nowadays support the more advanced version of "Number" serialization defined by ECMA in section 7.1.12.1 including NOTE 2 in https://www.ecma-international.org/ecma-262/6.0/ECMA-262.pdf
Nashorn as featured in OpenJDK version "1.8.0_151" does not appear following this specification leading to subtle interoperability problems:
jjs> JSON.parse('{"v":5e-324}').v
4.9e-324
Chrome:
JSON.parse('{"v":5e-324}').v
5e-324
Why would that ever lead to an interoperability problem you might [rightfully] wonder?
Well, there a tentative IETF effort establishing a digital signature standard for JSON objects that works with clear text messages. This among many things requires that data types have a "normalized" form. ECMA has essentially done that which together with creation ordering of properties (modulo properties with names expressed as integers) makes the rest pretty simple.
Related: https://bugs.openjdk.java.net/browse/JDK-8149075
Cheers,
Anders Rundgren
https://cyberphone.github.io/doc/security/jose-jcs.html#Normalization_and_Signature_Validation
More information about the nashorn-dev
mailing list