Allow QuickCheck-2.11 #213
Conversation
| What does "restrict" mean? consider it a parsing failure? I don't think this works, as we want to be able to support unicode package names (even if we disallow them on the central hackage server as a policy; but there's users who want to be able to have unicode on their private package repos supported). |
| @hvr if we want to support unicode, we have to wait what CJSON folks come up. They have very conflicting specs: "strings is sequence of bytes", OTOH JSON proper mandates that JSON document is valid Unicode
That strongly assumes that the CJSON document is not text but binary, when JSON document is text document.
And this is crap, everyone base64/base16 encodes binary blobs when they are in JSON. Also λ D.T.Normalize D.Aeson D.Text> normalize NFD "äiti" "a\776iti" λ D.T.Normalize D.Aeson D.Text> encode (normalize NFD "äiti") "\"a\204\136iti\"" λ D.T.Normalize D.Aeson D.Text> decode (encode (normalize NFD "äiti")) :: Maybe Text Just "a\776iti"I don't see what doesn't preserve identity of non-canonical unicode strings ("broken" JSON impl somewhere?) |
| One way is to adhere to CJSON as it's now, which means - | JSString String + | JSString ByteString |
| At least they've acknowledge the issue; we've known about this inconsistency in the OLPC spec since at least Jan 2016, see 867f2e5 |
| Anyway, is there anything blocking this from merging? What to do with CJSON can wait, using newer EDIT and the 0xff bug is "documented" in tests too now. |
Nope; but there's no need for a new release yet... so it may take a while till this hits Hackage. |
2 participants
Canonical JSON and RFC 7159 still don't agree, even strings are ASCII, as per RFC newlines have to be escaped.
Related comment is theupdateframework/python-tuf#457 (comment)
Yet, e.g.
aesonlenienly accepts\x0a, but doesn't produce it:I'm tempted to restrict
hackage-securityto only allow characters in0x20-0x7frange. That's enough for our use, isn't it?