MSC2540: Stricter event validation: JSON compliance #2540

Merged
merged 10 commits into from
May 25, 2020
63 changes: 63 additions & 0 deletions proposals/2540-stricter-event-validation.md
@@ -0,0 +1,63 @@
# MSC2540: Stricter event validation: JSON compliance

## Background

There has been [prior discussions](https://github.com/matrix-org/matrix-doc/issues/1646)
about validating events more strictly. This MSC proposes fixing a small piece of
this: JSON compliance.

The [Canonical JSON](https://matrix.org/docs/spec/appendices#canonical-json)
specification requires that numbers that are serialized in JSON are integers in
the range of [-2 ^ 53 + 1, 2 ^ 53 - 1], which matches the requirements of
[section 6 of RFC 7159](https://tools.ietf.org/html/rfc7159). Note that it is
not explicit, but all floats are invalid.

It is worth mentioning that there are common extensions to JSON which produce
invalid JSON according to the Matrix specification, some programming langauges
even support these by default. One common additional feature is handling
"special" float values: `Infinity`, `-Infinity`, and `NaN`.


## Proposal

In a future room version, homeserver implementations are to strictly enforce
the JSON compliance of the Canonical JSON specification for events. Events that
do not abide by these rules should be rejected with the error code `M_NOT_JSON`.

The rationale for doing this in a future room version is to avoid a split brain
room -- where some federated servers believe an event is valid and others reject
it as invalid. Rooms will be able to opt into this behavior as part of a room
version upgrade.

Homeserver implementations are not to strictly enforce this JSON compliance in
[stable room versions](https://matrix.org/docs/spec/#complete-list-of-room-versions).
The rationale is essentially the same as why a future room version is necessary,
this ensures that all federated servers treat the same events as valid.


## Potential issues

Homeserver implementations might include JSON parsers which are stricter than
others. It may not be worthwhile or reasonable to loosen those restrictions for
stable room versions.


## Alternatives

It could be argued that this MSC is unnecessary since it does not add any new
requirements for handling of JSON data. Unfortunately starting to enforce these
requirements in current rooms could cause federation to break as homeservers
will disagree on whether events are valid.


## Security considerations

N/A


## Unstable prefix

A room versions of `org.matrix.strict_canonicaljson` until a future room version
is available. This room version will use
[room version 5](https://matrix.org/docs/spec/rooms/v5) as base and include the
above modifications.
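
Review bot: "Security considerations" is marked N/A, yet the Proposal's own rationale (a split brain room "where some federated servers believe an event is valid and others reject it as invalid") is a parser-disagreement concern, and the Background notes that some languages accept `Infinity`, `-Infinity`, and `NaN` by default. Suggest replacing N/A with a sentence saying that inconsistent JSON acceptance between homeservers is the risk this MSC addresses, and that enforcement is gated on a room version for that reason. Two smaller points in the same file: the Background's "Note that it is not explicit, but all floats are invalid" would be easier to implement against if it said whether integer-valued forms such as `1.0` or `1e3` are also rejected, and the Proposal mixes "are to strictly enforce" with "should be rejected", so the normative strength of the rejection is unclear. Typos to fix before merge: "There has been prior discussions", "langauges", and "A room versions of".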