From hraban at 0brg.net Wed Oct 5 11:11:48 2011
From: hraban at 0brg.net (Hraban Luyat)
Date: Wed, 5 Oct 2011 13:11:48 +0200
Subject: [cl-json-devel] Untrusted source
Message-ID:

Hi,

What is the recommended procedure to sanitize data from an untrusted
source when parsing with cl-json?

What is a sane definition of "safe" in this context, to begin with? I
currently deem the following to be appropriate: for all variables bound
to any string, running without any side effects, OR running out of
memory, but nothing else.

For example, is the following function safe?

    (defun foo (stream)
      (json:with-decoder-simple-list-semantics
        (json:decode-json stream)))

Greetings,

Hraban Luyat