[cl-json-devel] Untrusted source
Hraban Luyat
hraban at 0brg.net
Wed Oct 5 11:11:48 UTC 2011
Hi,
What is the recommended procedure to sanitize data from an untrusted
source when parsing with cl-json? What is a sane definition of "safe"
in this context, to begin with? I currently deem the following to be
appropriate: for all variables bound to any string, running without
any side effects, OR running out of memory, but nothing else. For
example, is the following function safe?
(defun foo (stream)
(json:with-decoder-simple-list-semantics
(json:decode-json stream)))
Greetings,
Hraban Luyat
More information about the cl-json-devel
mailing list