[cl-json-devel] Not interning object keys
Red Daly
reddaly at gmail.com
Thu Jun 25 18:27:04 UTC 2009
Hello all,
CL-JSON does not allow the user to customize the means used to decode the
keys for object literals. It may be important to avoid interning in a web
setting, for example, since interns of many unique symbols could potentially
use a lot of memory. An attack could exploit this by submitting something
that is passed through cl-json that has many very large, unique symbols.
There used to be a way to get around this with the factory method
customization, but the current library does not include a means of changing
the decoding behavior for a key to avoid interning it. Unless I am missing
something, could this functionality be added?
Red
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.common-lisp.net/pipermail/cl-json-devel/attachments/20090625/2a7ab379/attachment.html>
More information about the cl-json-devel
mailing list