Normative: Prevent JSON.stringify from returning ill-formed Unicode strings (#1396)

gibson042 · bterlson · commit 7428c89bef62 · 2019-02-20T13:43:43.000-08:00
Fixes #944
diff --git a/spec.html b/spec.html
@@ -36157,15 +36157,18 @@ <h1>Runtime Semantics: SerializeJSONProperty ( _key_, _holder_ )</h1>
       <emu-clause id="sec-quotejsonstring" aoid="QuoteJSONString">
         <h1>Runtime Semantics: QuoteJSONString ( _value_ )</h1>
         <p>The abstract operation QuoteJSONString with argument _value_ wraps a String value in QUOTATION MARK code units and escapes certain other code units within it.</p>
+        <p>This operation interprets a String value as a sequence of UTF-16 encoded code points, as described in <emu-xref href="#sec-ecmascript-language-types-string-type"></emu-xref>.</p>
         <emu-alg>
           1. Let _product_ be the String value consisting solely of the code unit 0x0022 (QUOTATION MARK).
-          1. For each code unit _C_ in _value_, do
-            1. If the numeric value of _C_ is listed in the Code Unit Value column of <emu-xref href="#table-json-single-character-escapes"></emu-xref>, then
+          1. Let _cpList_ be a List containing in order the code points of _value_ when interpreted as a sequence of UTF-16 encoded code points as described in <emu-xref href="#sec-ecmascript-language-types-string-type"></emu-xref>.
+          1. For each code point _C_ in _cpList_, do
+            1. If _C_ is listed in the Code Point column of <emu-xref href="#table-json-single-character-escapes"></emu-xref>, then
               1. Set _product_ to the string-concatenation of _product_ and the Escape Sequence for _C_ as specified in <emu-xref href="#table-json-single-character-escapes"></emu-xref>.
-            1. Else if _C_ has a numeric value less than 0x0020 (SPACE), then
-              1. Set _product_ to the string-concatenation of _product_ and UnicodeEscape(_C_).
+            1. Else if _C_ has a numeric value less than 0x0020 (SPACE), or _C_ has the same numeric value as a <emu-xref href="#leading-surrogate"></emu-xref> or <emu-xref href="#trailing-surrogate"></emu-xref>, then
+              1. Let _unit_ be a code unit whose numeric value is that of _C_.
+              1. Set _product_ to the string-concatenation of _product_ and UnicodeEscape(_unit_).
             1. Else,
-              1. Set _product_ to the string-concatenation of _product_ and _C_.
+              1. Set _product_ to the string-concatenation of _product_ and the <emu-xref aoid="UTF16Encoding"></emu-xref> of _C_.
           1. Set _product_ to the string-concatenation of _product_ and the code unit 0x0022 (QUOTATION MARK).
           1. Return _product_.
         </emu-alg>
@@ -36174,7 +36177,7 @@ <h1>Runtime Semantics: QuoteJSONString ( _value_ )</h1>
             <tbody>
             <tr>
               <th>
-                Code Unit Value
+                Code Point
               </th>
               <th>
                 Unicode Character Name
@@ -36185,7 +36188,7 @@ <h1>Runtime Semantics: QuoteJSONString ( _value_ )</h1>
             </tr>
             <tr>
               <td>
-                `0x0008`
+                U+0008
               </td>
               <td>
                 BACKSPACE
@@ -36196,7 +36199,7 @@ <h1>Runtime Semantics: QuoteJSONString ( _value_ )</h1>
             </tr>
             <tr>
               <td>
-                `0x0009`
+                U+0009
               </td>
               <td>
                 CHARACTER TABULATION
@@ -36207,7 +36210,7 @@ <h1>Runtime Semantics: QuoteJSONString ( _value_ )</h1>
             </tr>
             <tr>
               <td>
-                `0x000A`
+                U+000A
               </td>
               <td>
                 LINE FEED (LF)
@@ -36218,7 +36221,7 @@ <h1>Runtime Semantics: QuoteJSONString ( _value_ )</h1>
             </tr>
             <tr>
               <td>
-                `0x000C`
+                U+000C
               </td>
               <td>
                 FORM FEED (FF)
@@ -36229,7 +36232,7 @@ <h1>Runtime Semantics: QuoteJSONString ( _value_ )</h1>
             </tr>
             <tr>
               <td>
-                `0x000D`
+                U+000D
               </td>
               <td>
                 CARRIAGE RETURN (CR)
@@ -36240,7 +36243,7 @@ <h1>Runtime Semantics: QuoteJSONString ( _value_ )</h1>
             </tr>
             <tr>
               <td>
-                `0x0022`
+                U+0022
               </td>
               <td>
                 QUOTATION MARK
@@ -36251,7 +36254,7 @@ <h1>Runtime Semantics: QuoteJSONString ( _value_ )</h1>
             </tr>
             <tr>
               <td>
-                `0x005C`
+                U+005C
               </td>
               <td>
                 REVERSE SOLIDUS
