There are no tests to ensure that floats fail

[Half-Shot]

As per spec:

Numbers in the JSON must be integers in the range [-(2**53)+1, (2**53)-1].

There isn't any code that checks for floats, either.

[richvdh]

looks like #17 fixes this

[clokep]

Seems like this would be nice, but I don't think we can do it -- see matrix-org/synapse#7381 and related issues.

[richvdh]

I think we should make it turn-on-and-off-able: add an option to reject floats.

[ShadowJonathan]

This is still an issue, I was looking for a method by which synapse ensures that ints do not exceed their maximum value, and i found none.

#17 is closed, I'll look into making a new PR.

[DMRobertson]

Note that the spec says:

Float values are not permitted by this encoding.

and the grammar for only permits integer literals in number.

[DMRobertson]

Additionally: it's not just that the tests fail, but we don't reject floats whatsoever:

>>> canonicaljson.encode_canonical_json({"x": 1.23})
b'{"x":1.23}'

[DMRobertson]

We could add some kind of opt-in strict mode to this function (for use in v6 rooms and up). But whatever we do, we'd need to be careful to maintain backwards compatibility because existing Synapse releases will install canonicaljson willy-nilly without any upper bound.

[richvdh]

But whatever we do, we'd need to be careful to maintain backwards compatibility because existing Synapse releases will install canonicaljson willy-nilly without any upper bound.

I wonder if we should just plan to break such old Synapse releases. We could deprecate the encode_canonical_json name in favour of some other name, and (eventually) drop encode_canonical_json altogether (with a major semver bump). That would leave old Synapses obviously rather than subtly broken, and will leave python-canonicaljson without the footgun of a function called encode_canonical_json which doesn't encode canonical json.