Merge pull request #987 from handrews/def-annot

Relequestual · web-flow · commit dc9e8a82f4ce · 2020-09-26T22:40:16.000+01:00
Collect unknown keywords as annotations
diff --git a/jsonschema-core.xml b/jsonschema-core.xml
@@ -151,9 +151,9 @@
             <t>
                 JSON Schema can be extended either by defining additional vocabularies,
                 or less formally by defining additional keywords outside of any vocabulary.
-                Unrecognized individual keywords are ignored, while the behavior with respect
-                to an unrecognized vocabulary can be controlled when declaring which
-                vocabularies are in use.
+                Unrecognized individual keywords simply have their values collected as annotations,
+                while the behavior with respect to an unrecognized vocabulary can be controlled
+                when declaring which vocabularies are in use.
             </t>
             <t>
                 This document defines a core vocabulary that MUST be supported by any
@@ -354,7 +354,8 @@
                     </t>
                     <t>
                         A JSON Schema MAY contain properties which are not schema keywords.
-                        Unknown keywords SHOULD be ignored.
+                        Unknown keywords SHOULD be treated as annotations, where the value
+                        of the keyword is the value of the annotation.
                     </t>
                     <t>
                         An empty schema is a JSON Schema with no properties, or only unknown
@@ -578,7 +579,8 @@
                     by any entity.  Save for explicit agreement, schema authors SHALL NOT
                     expect these additional keywords and vocabularies to be supported by
                     implementations that do not explicitly document such support.
-                    Implementations SHOULD ignore keywords they do not support.
+                    Implementations SHOULD treat keywords they do not support as annotations,
+                    where the value of the keyword is the value of the annotation.
                 </t>
                 <t>
                     Implementations MAY provide the ability to register or load handlers
@@ -1240,7 +1242,8 @@
                     </t>
                     <t>
                         Per <xref target="extending" format="counter"></xref>, unrecognized
-                        keywords SHOULD be ignored.  This remains the case for keywords defined
+                        keywords SHOULD be treated as annotations.
+                        This remains the case for keywords defined
                         by unrecognized vocabularies.  It is not currently possible to distinguish
                         between unrecognized keywords that are defined in vocabularies from
                         those that are not part of any vocabulary.
@@ -3093,6 +3096,11 @@ https://example.com/schemas/common#/$defs/count/minimum
                 system resources.
                 Validators MUST NOT fall into an infinite loop.
             </t>
+            <t>
+                A malicious party could cause an implementation to repeatedly collect a copy
+                of a very large value as an annotation.  Implementations SHOULD guard against
+                excessive consumption of system resources in such a scenario.
+            </t>
             <t>
                 Servers MUST ensure that malicious parties can't change the functionality of
                 existing schemas by uploading a schema with a pre-existing or very similar "$id".
