https://archive.is/VDFRP :

Run a JSON file through multiple parsers and you'll get different results every time • The Register

"That warning comes from software engineer Nicholas Seriot, who last week presented his work on JSON parsers to an audience at Geneva's Soft-Shake Conference."

"The ubiquitous message-passing JSON format is something of an untended garden with plenty of security and stability traps for the unwary."

"The full results are here; a “red” entry in the table means Seriot's test crashed the parser (bad, because crashes can lead to exploits)."

"There are now six documents that describe it, with differences between all of them; and as a result, no two parsers are quite alike."

"A “brown” entry – “parsing should have succeeded but failed” – is also dangerous, “because an uncontrolled input may prevent the parser to parse a whole document”. ®"

This has been an automated message.