Description
JSON-LD provided no real limits on what can be defined as a term. In fact, it's possible to define either a compact IRI or an absolute IRI as a term which maps to something completely different, which is likely a security problem.
This needs to be fixed in JSON-LD 1.1 and marked as an erratum for JSON-LD 1.0.
Consider the following document:
```json
{
  "@context": {
    "schema": "http://schema.org/",
    "foaf": "http://xmlns.com/foaf/0.1/",
    "foaf:name": {"@id": "schema:name"},
    "http://xmlns.com/foaf/0.1/Person": {"@id": "schema:Person"}
  },
  "@type": "http://xmlns.com/foaf/0.1/Person",
  "foaf:name": "Danbri"
}
```
This actually expands to the following:
```json
[
  {
    "@type": [
      "http://schema.org/Person"
    ],
    "http://schema.org/name": [
      {
        "@value": "Danbri"
      }
    ]
  }
]
```
The syntax document needs to place restrictions on terms which are compact IRIs or absolute IRIs: either they do not include `@id` in their definition, or the definition expands to the same IRI as if there were no `@id` present. A term looking like a compact IRI without a corresponding prefix definition would be treated as an absolute IRI.
Moreover, context processing should reject any term which looks like an absolute IRI (e.g., `http://xmlns.com/foaf/0.1/Person` above), as it opens another corner case when compacting: when no term is available to match the value to be compacted, compaction falls back to using the absolute IRI, but if that is defined as a term, the result will be incorrect.
Given the following input document:
```json
{
  "@context": {
    "schema": "http://schema.org/",
    "foaf": "http://xmlns.com/foaf/0.1/"
  },
  "@type": "http://xmlns.com/foaf/0.1/Person",
  "foaf:name": "Danbri"
}
```
and the following context:
```json
{
  "@context": {
    "schema": "http://schema.org/",
    "foaf": "http://xmlns.com/foaf/0.1/",
    "foaf:name": {"@language": "de"},
    "http://xmlns.com/foaf/0.1/name": {"@language": "en"}
  },
  "@type": "http://xmlns.com/foaf/0.1/Person",
  "foaf:name": "Danbri"
}
```
The result will be
```json
{
  "@context": {
    "schema": "http://schema.org/",
    "foaf": "http://xmlns.com/foaf/0.1/",
    "foaf:name": {
      "@language": "de"
    },
    "http://xmlns.com/foaf/0.1/name": {
      "@language": "en"
    }
  },
  "@type": "foaf:Person",
  "http://xmlns.com/foaf/0.1/name": "Danbri"
}
```
But, as `http://xmlns.com/foaf/0.1/name` is defined to have `@language: en`, expanding this won't get back to the original; it will add `@language: en` to the "Danbri" value object.
```json
[
  {
    "@type": [
      "http://xmlns.com/foaf/0.1/Person"
    ],
    "http://xmlns.com/foaf/0.1/name": [
      {
        "@language": "en",
        "@value": "Danbri"
      }
    ]
  }
]
```
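A minimal lint for the restrictions proposed above, as an added example that is not part of the original issue or of any JSON-LD processor: it flags terms that look like absolute IRIs and compact-IRI terms whose `@id` maps somewhere else. The function names `expand_iri` and `audit_context` are hypothetical, and prefix expansion is simplified to a single lookup rather than the full context processing algorithm.

```python
# Added example: a simplified context lint, not the JSON-LD context processing algorithm.
# The two contexts below are copied from the documents in this issue.
FIRST_CONTEXT = {
    "schema": "http://schema.org/",
    "foaf": "http://xmlns.com/foaf/0.1/",
    "foaf:name": {"@id": "schema:name"},
    "http://xmlns.com/foaf/0.1/Person": {"@id": "schema:Person"},
}
SECOND_CONTEXT = {
    "schema": "http://schema.org/",
    "foaf": "http://xmlns.com/foaf/0.1/",
    "foaf:name": {"@language": "de"},
    "http://xmlns.com/foaf/0.1/name": {"@language": "en"},
}

def expand_iri(value, context):
    """Expand a compact IRI via a prefix defined in the context (one lookup only)."""
    prefix, sep, suffix = value.partition(":")
    if not sep or suffix.startswith("//"):
        return value  # plain term, or already absolute (scheme://...)
    definition = context.get(prefix)
    if isinstance(definition, dict):
        definition = definition.get("@id")
    if isinstance(definition, str):
        return definition + suffix
    return value  # no matching prefix: treated as an absolute IRI

def audit_context(context):
    """Return (term, problem) pairs for terms that break the proposed restrictions."""
    findings = []
    for term, definition in context.items():
        if term.startswith("@") or ":" not in term:
            continue  # keywords and ordinary terms are out of scope here
        natural = expand_iri(term, context)  # IRI the term would expand to without @id
        if natural == term:
            findings.append((term, "term looks like an absolute IRI"))
        mapped = definition if isinstance(definition, str) else (definition or {}).get("@id")
        if mapped is not None:
            target = expand_iri(mapped, context)
            if target != natural:
                findings.append((term, f"@id remaps {natural} to {target}"))
    return findings

if __name__ == "__main__":
    for name, ctx in (("first", FIRST_CONTEXT), ("second", SECOND_CONTEXT)):
        for term, problem in audit_context(ctx):
            print(f"{name} context: {term!r}: {problem}")
```

Running such a check on every context before processing, including remotely loaded ones, surfaces both the silent remapping in the first document and the absolute-IRI term behind the round-trip failure in the second.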