[cl-json-devel] Untrusted source

Hraban Luyat hraban at 0brg.net
Wed Oct 5 11:11:48 UTC 2011


Hi,

What is the recommended procedure to sanitize data from an untrusted
source when parsing with cl-json? What is a sane definition of "safe"
in this context, to begin with? I currently deem the following to be
appropriate: for all variables bound to any string, running without
any side effects, OR running out of memory, but nothing else. For
example, is the following function safe?

(defun foo (stream)
  (json:with-decoder-simple-list-semantics
    (json:decode-json stream)))

Greetings,

Hraban Luyat




More information about the cl-json-devel mailing list