Implement well-formed JSON.stringify

The change to the spec makes unpaired surrogate code units serialize to their escape sequences instead of bad characters.

This is now in stage 4.

Fixes #5735

Author: boingoing

lib/Common/Codex/Utf8Codex.cpp

@@ -69,11 +69,6 @@ namespace utf8
         return ((0x5B >> (((prefix ^ 0xF0) >> 3) & 0x1E)) & 0x03) + 1;
     }
 
-    const char16 WCH_UTF16_HIGH_FIRST  =  char16(0xd800);
-    const char16 WCH_UTF16_HIGH_LAST   =  char16(0xdbff);
-    const char16 WCH_UTF16_LOW_FIRST   =  char16(0xdc00);
-    const char16 WCH_UTF16_LOW_LAST    =  char16(0xdfff);
-
     char16 GetUnknownCharacter(DecodeOptions options = doDefault)
     {
         if ((options & doThrowOnInvalidWCHARs) != 0)
@@ -83,26 +78,11 @@ namespace utf8
         return char16(UNICODE_UNKNOWN_CHAR_MARK);
     }
 
-    inline BOOL InRange(const char16 ch, const char16 chMin, const char16 chMax)
-    {
-        return (unsigned)(ch - chMin) <= (unsigned)(chMax - chMin);
-    }
-
     BOOL IsValidWideChar(char16 ch)
     {
         return (ch < 0xfdd0) || ((ch > 0xfdef) && (ch <= 0xffef)) || ((ch >= 0xfff9) && (ch <= 0xfffd));
     }
 
-    inline BOOL IsHighSurrogateChar(char16 ch)
-    {
-        return InRange( ch, WCH_UTF16_HIGH_FIRST, WCH_UTF16_HIGH_LAST );
-    }
-
-    inline BOOL IsLowSurrogateChar(char16 ch)
-    {
-        return InRange( ch, WCH_UTF16_LOW_FIRST, WCH_UTF16_LOW_LAST );
-    }
-
     _At_(ptr, _In_reads_(end - ptr) _Post_satisfies_(ptr >= _Old_(ptr) - 1 && ptr <= end))
     inline char16 DecodeTail(char16 c1, LPCUTF8& ptr, LPCUTF8 end, DecodeOptions& options, bool *chunkEndsAtTruncatedSequence)
     {

lib/Common/Codex/Utf8Codex.h

@@ -157,6 +157,26 @@ namespace utf8
 
     BOOL IsValidWideChar(char16 ch);
 
+    const char16 WCH_UTF16_HIGH_FIRST = char16(0xd800);
+    const char16 WCH_UTF16_HIGH_LAST = char16(0xdbff);
+    const char16 WCH_UTF16_LOW_FIRST = char16(0xdc00);
+    const char16 WCH_UTF16_LOW_LAST = char16(0xdfff);
+
+    inline BOOL InRange(const char16 ch, const char16 chMin, const char16 chMax)
+    {
+        return (unsigned)(ch - chMin) <= (unsigned)(chMax - chMin);
+    }
+
+    inline BOOL IsHighSurrogateChar(char16 ch)
+    {
+        return InRange(ch, WCH_UTF16_HIGH_FIRST, WCH_UTF16_HIGH_LAST);
+    }
+
+    inline BOOL IsLowSurrogateChar(char16 ch)
+    {
+        return InRange(ch, WCH_UTF16_LOW_FIRST, WCH_UTF16_LOW_LAST);
+    }
+
     // Decode the trail bytes after the UTF8 lead byte c1 but returning 0xFFFD if trail bytes are expected after end.
     _At_(ptr, _In_reads_(end - ptr) _Post_satisfies_(ptr >= _Old_(ptr) - 1 && ptr <= end))
     char16 DecodeTail(char16 c1, LPCUTF8& ptr, LPCUTF8 end, DecodeOptions& options, bool *chunkEndsAtTruncatedSequence = nullptr);

lib/Runtime/Library/JSONStringBuilder.cpp

@@ -30,6 +30,34 @@ JSONStringBuilder::AppendString(_In_ JavascriptString* str)
     AppendBuffer(str->GetString(), str->GetLength());
 }
 
+void
+JSONStringBuilder::AppendEscapeSequence(_In_ const char16 character)
+{
+    // Convert character into a 4 digit hex code (e.g. \u0010)
+    this->AppendCharacter(_u('\\'));
+    this->AppendCharacter(_u('u'));
+    {
+        char16 buf[5];
+        // Get hex value
+        _ltow_s(character, buf, _countof(buf), 16);
+
+        // Append leading zeros if necessary before the hex value
+        charcount_t count = static_cast<charcount_t>(wcslen(buf));
+        switch (count)
+        {
+        case 1:
+            this->AppendCharacter(_u('0'));
+        case 2:
+            this->AppendCharacter(_u('0'));
+        case 3:
+            this->AppendCharacter(_u('0'));
+        default:
+            this->AppendBuffer(buf, count);
+            break;
+        }
+    }
+}
+
 void
 JSONStringBuilder::EscapeAndAppendString(_In_ JavascriptString* str)
 {
@@ -70,30 +98,25 @@ JSONStringBuilder::EscapeAndAppendString(_In_ JavascriptString* str)
             this->AppendCharacter(_u('t'));
             break;
         default:
-            if (currentCharacter < _u(' '))
+            if (currentCharacter < _u(' ') || utf8::IsLowSurrogateChar(currentCharacter))
+            {
+                this->AppendEscapeSequence(currentCharacter);
+            }
+            else if (utf8::IsHighSurrogateChar(currentCharacter))
             {
-                // If character is less than SPACE, it is converted into a 4 digit hex code (e.g. \u0010)
-                this->AppendCharacter(_u('\\'));
-                this->AppendCharacter(_u('u'));
+                if (index + 1 < bufferStart + strLength && utf8::IsLowSurrogateChar(*(index + 1)))
+                {
+                    // Append surrogate pair normally
+                    this->AppendCharacter(currentCharacter);
+                    this->AppendCharacter(*(index + 1));
+
+                    // Skip the trailing-surrogate code unit
+                    index++;
+                }
+                else
                 {
-                    char16 buf[5];
-                    // Get hex value
-                    _ltow_s(currentCharacter, buf, _countof(buf), 16);
-
-                    // Append leading zeros if necessary before the hex value
-                    charcount_t count = static_cast<charcount_t>(wcslen(buf));
-                    switch (count)
-                    {
-                    case 1:
-                        this->AppendCharacter(_u('0'));
-                    case 2:
-                        this->AppendCharacter(_u('0'));
-                    case 3:
-                        this->AppendCharacter(_u('0'));
-                    default:
-                        this->AppendBuffer(buf, count);
-                        break;
-                    }
+                    // High-surrogate code unit not followed by a trailing-surrogate code unit should be escaped.
+                    this->AppendEscapeSequence(currentCharacter);
                 }
             }
             else

lib/Runtime/Library/JSONStringBuilder.h

@@ -23,6 +23,7 @@ class JSONStringBuilder
     void AppendCharacter(char16 character);
     void AppendBuffer(_In_ const char16* buffer, charcount_t length);
     void AppendString(_In_ JavascriptString* str);
+    void AppendEscapeSequence(_In_ const char16 character);
     void EscapeAndAppendString(_In_ JavascriptString* str);
     void AppendObjectString(_In_ JSONObject* valueList);
     void AppendArrayString(_In_ JSONArray* valueArray);

lib/Runtime/Library/JSONStringifier.cpp

@@ -690,6 +690,25 @@ JSONStringifier::CalculateStringElementLength(_In_ JavascriptString* str)
         {
             escapedStrLength += LazyJSONString::escapeMapCount[currentCharacter];
         }
+        else if (utf8::IsLowSurrogateChar(currentCharacter))
+        {
+            // Lone trailing-surrogate code units should be escaped.
+            // They will always need 5 extra characters for the escape sequence, ie: \udbff
+            escapedStrLength += 5;
+        }
+        else if (utf8::IsHighSurrogateChar(currentCharacter))
+        {
+            if (index + 1 < bufferStart + strLength && utf8::IsLowSurrogateChar(*(index + 1)))
+            {
+                // Regular surrogate pairs are handled normally - skip the trailing-surrogate code unit.
+                index++;
+            }
+            else
+            {
+                // High-surrogate code unit not followed by a trailing-surrogate code unit should be escaped.
+                escapedStrLength += 5;
+            }
+        }
     }
     if (escapedStrLength > UINT32_MAX)
     {

test/es7/rlexe.xml

@@ -125,4 +125,10 @@
       <compile-flags>-ES2018AsyncIteration -args summary -endargs</compile-flags>
     </default>
   </test>
+  <test>
+    <default>
+      <files>wellformedJSON.js</files>
+      <compile-flags>-args summary -endargs</compile-flags>
+    </default>
+  </test>
 </regress-exe>

test/es7/wellformedJSON.js

@@ -0,0 +1,42 @@
+//-------------------------------------------------------------------------------------------------------
+// Copyright (C) Microsoft. All rights reserved.
+// Licensed under the MIT license. See LICENSE.txt file in the project root for full license information.
+//-------------------------------------------------------------------------------------------------------
+
+WScript.LoadScriptFile("..\\UnitTestFramework\\UnitTestFramework.js");
+
+var tests = [
+    {
+        name: "Broken surrogate pairs should be escaped during JSON.stringify",
+        body: function () {
+            assert.areEqual(JSON.stringify("\uD834"), '"\\ud834"',
+              'JSON.stringify("\\uD834")');
+            assert.areEqual(JSON.stringify("\uDF06"), '"\\udf06"',
+              'JSON.stringify("\\uDF06")');
+
+            assert.areEqual(JSON.stringify("\uD834\uDF06"), '"𝌆"',
+              'JSON.stringify("\\uD834\\uDF06")');
+            assert.areEqual(JSON.stringify("\uD834\uD834\uDF06\uD834"), '"\\ud834𝌆\\ud834"',
+              'JSON.stringify("\\uD834\\uD834\\uDF06\\uD834")');
+            assert.areEqual(JSON.stringify("\uD834\uD834\uDF06\uDF06"), '"\\ud834𝌆\\udf06"',
+              'JSON.stringify("\\uD834\\uD834\\uDF06\\uDF06")');
+            assert.areEqual(JSON.stringify("\uDF06\uD834\uDF06\uD834"), '"\\udf06𝌆\\ud834"',
+              'JSON.stringify("\\uDF06\\uD834\\uDF06\\uD834")');
+            assert.areEqual(JSON.stringify("\uDF06\uD834\uDF06\uDF06"), '"\\udf06𝌆\\udf06"',
+              'JSON.stringify("\\uDF06\\uD834\\uDF06\\uDF06")');
+
+            assert.areEqual(JSON.stringify("\uDF06\uD834"), '"\\udf06\\ud834"',
+              'JSON.stringify("\\uDF06\\uD834")');
+            assert.areEqual(JSON.stringify("\uD834\uDF06\uD834\uD834"), '"𝌆\\ud834\\ud834"',
+              'JSON.stringify("\\uD834\\uDF06\\uD834\\uD834")');
+            assert.areEqual(JSON.stringify("\uD834\uDF06\uD834\uDF06"), '"𝌆𝌆"',
+              'JSON.stringify("\\uD834\\uDF06\\uD834\\uDF06")');
+            assert.areEqual(JSON.stringify("\uDF06\uDF06\uD834\uD834"), '"\\udf06\\udf06\\ud834\\ud834"',
+              'JSON.stringify("\\uDF06\\uDF06\\uD834\\uD834")');
+            assert.areEqual(JSON.stringify("\uDF06\uDF06\uD834\uDF06"), '"\\udf06\\udf06𝌆"',
+              'JSON.stringify("\\uDF06\\uDF06\\uD834\\uDF06")');
+        }
+    },
+];
+
+testRunner.runTests(tests, { verbose: WScript.Arguments[0] != "summary" });