I didn't realize this was a JSON requirement until I started reading the spec carefully, but this is a _very_ bad mistake.
-
-
Show this thread
-
The sad part is this could have been trivially fixed by just saying that the escape characters can all be escaped by \('a'+#) or something, and then it would have had an amplification factor of 2. But AFAICT, there is no way to escape many of the required codes with less than 6.
Show this thread
End of conversation
New conversation -
-
-
What is the use case of sending (that many) control characters with JSON?
-
There's no use case, it's a robustness requirement. A system wanting to guarantee UTF8->JSON compliance must handle this as an input, even if the only expect case if when an attacker crafts it specifically.
End of conversation
New conversation -
-
-
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
I'm firmly convinced thatall of those random JSON parsing libraries I use handle this with grace...
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.