- Add optional dependency for
jason_native
. Please refer to the repo for usage instructions
- Use the
:erlang.float_to_binary(_, [:short])
function, instead ofio_lib_format.fwrite_g/1
where available (OTP 24.1+). This provides equivalent output with much less memory used and significantly improved performance.
- Add the
Jason.OrderedObject
struct - Support decoding objects preserving all the keys with
objects: :ordered_objects
option - Support decoding floats to
Decimal
withfloats: :decimals
option - Add
~j
and~J
sigils in moduleJason.Sigil
to support writing JSON literals in code
- Fix error reporting when decoding strings (it was possible to mis-attribute the offending byte)
- Verify fields given to
@derive
- Support Decimal 2.0
-
Fix
html_safe
escaping inJason.encode
The
<!--
sequence of characters would not be escaped inJason.encode
withhtml_escape
mode, which could lead to DoS attacks when used for embedding of arbitrary, user controlled strings into HTML through JSON (e.g. inside of<script>
tags).If you were not using the
html_safe
option, you are not affected.Affected versions: < 1.2.1 Patched versions: >= 1.2.1
- Add
Jason.Encode.keyword/2
(cb1f26a).
- Fix
Jason.Helpers.json_map/1
value expansion (70b046a).
- correctly handle the
pretty: false
option (ba318c8).
- correctly handle escape sequences in strings when pretty printing (794bbe4).
- pretty-printing support through
Jason.Formatter
andpretty: true
option inJason.encode/2
(d758e36).
- silence variable warnings for fields with underscores used during deriving (88dd85c).
- potential incompatibility don't raise
Protocol.UndefinedError
in non-bang functions (ad0f57b).
- fix
Jason.Encode.escape
type (a57b430) - multiple documentation improvements
No changes
- update
escape
option ofJason.encode/2
to take values::json | :unicode_safe | :html_safe | :javascript_safe
for consistency. Old values of:unicode
and:javascript
are still supported for compatibility with Poison. (f42dcbd)
- Initial release