Add MSC2540 for stricter validation of event JSON.
Patrick Cloke
5 years ago
parent
3556b8457f
commit
7797c18727
@ -0,0 +1,55 @@
|
||||
# MSC2540: Stricter event validation: JSON compliance
|
||||
|
||||
## Background
|
||||
|
||||
There has been [prior discussions](https://github.com/matrix-org/matrix-doc/issues/1646)
|
||||
about validating events more strictly. This MSC proposes fixing a small piece of
|
||||
this: JSON compliance.
|
||||
|
||||
The [Canonical JSON](https://matrix.org/docs/spec/appendices#canonical-json)
|
||||
specification requires that numbers that are serialized in JSON are integers in
|
||||
the range of [-2 ^ 53 + 1, 2 ^ 53 - 1], which matches the requirements of
|
||||
[section 6 of RFC 7159](https://tools.ietf.org/html/rfc7159). Note that it is
|
||||
not explicit, but all floats are invalid.
|
||||
|
||||
It is worth mentioning that there are common extensions to JSON which produce
|
||||
invalid JSON according to the Matrix specification, some programming langauges
|
||||
even support these by default. One common additional feature is handling
|
||||
"special" float values: `Infinity`, `-Infinity`, and `NaN`.
|
||||
|
||||
|
||||
## Proposal
|
||||
|
||||
In a future room version, Matrix server implementations should strictly enforce
|
||||
the Canonical JSON specification for events.
|
||||
|
||||
The rationale for doing this in a future room version is to avoid a split brain
|
||||
room -- where some federated servers believe an event is valid and others reject
|
||||
it as invalid. Rooms will be able to opt into this behavior as part of a room
|
||||
version upgrade.
|
||||
|
||||
|
||||
## Potential issues
|
||||
|
||||
N/A
|
||||
|
||||
|
||||
## Alternatives
|
||||
|
||||
It could be argued that this MSC is unnecessary since it does not add any new
|
||||
requirements for handling of JSON data. Unfortunately starting to enforce these
|
||||
requirements in current rooms could cause federation to break as homeservers
|
||||
will disagree on whether events are valid.
|
||||
|
||||
|
||||
## Security considerations
|
||||
|
||||
N/A
|
||||
|
||||
|
||||
## Unstable prefix
|
||||
|
||||
A room versions of `org.matrix.strict_canonicaljson` until a future room version
|
||||
is available. This room version will use
|
||||
[room version 5](https://matrix.org/docs/spec/rooms/v5) as base and include the
|
||||
above modifications.
|
||||
Loading…
Reference in New Issue