2.6 KiB
MSC2540: Stricter event validation: JSON compliance
Background
There has been prior discussions about validating events more strictly. This MSC proposes fixing a small piece of this: JSON compliance.
The Canonical JSON
specification requires that numbers that are serialized in JSON are integers in
the inclusive range of [-(2^53) + 1, (2^53) - 1]
, which matches the requirements of
section 6 of RFC 7159. Note that it is
not explicit, but all floats are invalid.
It is worth mentioning that there are common extensions to JSON which produce
invalid JSON according to the Matrix specification; some programming languages
even support these by default. One common additional feature is handling
"special" float values: Infinity
, -Infinity
, and NaN
.
Proposal
In a future room version, homeserver implementations are to strictly enforce
the JSON compliance of the Canonical JSON specification for events.
Non-compliant events should be treated like any other malformed event,
for example by rejecting the request with an HTTP 400 error with M_BAD_JSON
,
or by discarding the event.
The rationale for doing this in a future room version is to avoid a split brain room -- where some federated servers believe an event is valid and others reject it as invalid. Rooms will be able to opt into this behavior as part of a room version upgrade.
Homeserver implementations are not to strictly enforce this JSON compliance in room versions 1, 2, 3, 4, and 5. The rationale is essentially the same as why a future room version is necessary: this ensures that all federated servers treat the same events as valid.
Potential issues
Homeserver implementations might include JSON parsers which are stricter than others. It may not be worthwhile or reasonable to loosen those restrictions for stable room versions.
Alternatives
It could be argued that this MSC is unnecessary since it does not add any new requirements for handling of JSON data. Unfortunately starting to enforce these requirements in current rooms could cause federation to break as homeservers will disagree on whether events are valid.
Security considerations
N/A
Unstable prefix
A room version of org.matrix.strict_canonicaljson
until a future room version
is available. This room version will use
room version 5 as base and include the
above modifications.