Pleroma can be configured to return numbers that are too large
Environment
- Pleroma version (could be found in the "Version" tab of settings in Pleroma-FE): "2.7.2 (compatible; Pleroma 2.5.54-325-gb729a8b1-develop)"
Bug description
JSON is JavaScript, and JavaScript cannot safely represent integers larger than 2^54 - 1 (https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Number/MAX_SAFE_INTEGER).
Users can configure Pleroma servers with values that are too large, causing problems for interoperability between clients and servers.
For example, https://hkgk.nishi.boats is currently reporting the `max_toot_chars` property value as `5000000000000000000000000000`.
If you try `parseInt(5000000000000000000000000000)` in a JavaScript console you'll see that's `5`.
This is a bit of an extreme example, but users should probably be prevented from shooting themselves in the foot like this, and Pleroma should refuse to start (with a clear explanation as to why) if it is misconfigured in this way.
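An added example, not part of the original report or Pleroma's code: a client-side check that scans a raw instance-metadata JSON body for integer literals outside `Number.MAX_SAFE_INTEGER` before `JSON.parse` rounds them, next to the naive read that yields `5`. The sample body is constructed (only `max_toot_chars` and its value come from the report), and the function names are hypothetical.

```javascript
const MAX_SAFE = BigInt(Number.MAX_SAFE_INTEGER);
const NUM = /-?\d+(?:\.\d+)?(?:[eE][+-]?\d+)?/y; // sticky: match only at lastIndex

// Scan raw JSON text (before JSON.parse) and report every plain integer
// literal whose magnitude exceeds Number.MAX_SAFE_INTEGER.
function findUnsafeIntegers(rawJson) {
  const findings = [];
  let lastString = null; // most recent string token, i.e. the preceding key
  let i = 0;
  while (i < rawJson.length) {
    const ch = rawJson[i];
    if (ch === '"') {
      // Skip the whole string so digits inside string values are ignored.
      let j = i + 1;
      while (j < rawJson.length && rawJson[j] !== '"') {
        j += rawJson[j] === '\\' ? 2 : 1;
      }
      lastString = rawJson.slice(i + 1, j);
      i = j + 1;
    } else if (ch === '-' || (ch >= '0' && ch <= '9')) {
      NUM.lastIndex = i;
      const m = NUM.exec(rawJson);
      if (!m) { i += 1; continue; }
      const tok = m[0];
      // Only plain integers are checked; fractions and exponents are skipped.
      if (/^-?\d+$/.test(tok)) {
        const n = BigInt(tok);
        if (n > MAX_SAFE || n < -MAX_SAFE) {
          findings.push({ key: lastString, literal: tok, parsedAs: Number(tok) });
        }
      }
      i += tok.length;
    } else {
      i += 1;
    }
  }
  return findings;
}

// What a client that trusts the value ends up with: JSON.parse yields a
// float, and parseInt stringifies it to "5e+27" and stops at the "e".
function naiveClientLimit(rawJson) {
  return parseInt(JSON.parse(rawJson).max_toot_chars);
}

// Constructed sample body; only max_toot_chars and its value are from the report.
const SAMPLE_BODY = '{"uri":"example.invalid","max_toot_chars":5000000000000000000000000000,' +
  '"poll_limits":{"max_options":20},"description":"limit 99999999999999999999"}';

console.log(findUnsafeIntegers(SAMPLE_BODY), naiveClientLimit(SAMPLE_BODY));
```

A client can run the scan on the response text and fall back to its own default limit for any flagged key instead of using the rounded value.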