add safeguards against invalid raw json strings#44
Merged
SphtKr merged 1 commit intoJSONAPIdotNET:masterfrom Feb 3, 2015
Merged
add safeguards against invalid raw json strings#44SphtKr merged 1 commit intoJSONAPIdotNET:masterfrom
SphtKr merged 1 commit intoJSONAPIdotNET:masterfrom
Conversation
Collaborator
Author
|
BTW this will not merge cleanly with #43, so I'll fix and rebase when one is merged. |
Conflicts: JSONAPI.Tests/Json/JsonApiMediaFormaterTests.cs
4ca3654 to
22dc13f
Compare
Collaborator
Author
|
Merges cleanly now. |
SphtKr
added a commit
that referenced
this pull request
Feb 3, 2015
add safeguards against invalid raw json strings
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
I realized that my code that serializes raw JSON down from the database has no protections to ensure that the data is actually valid JSON. If it's malformed in any way, the formatter will happily send it onto the wire and the client will choke on the response.
I added a check that validates raw json properties before they are serialized. If the property value contains unparseable syntax, like
{ x }, then the entire object will be sent down as an empty hash{}. If the property value contains unquoted keys, then the keys will be quoted. So{ foo: 3 }will be serialized as{ "foo": 3 }.(I originally wanted to have the same behavior if we detect unquoted keys as if the JSON is malformed. But I don't think it's possible to make Json.NET do this - the JToken parser just converts the unquoted keys into quoted ones instead of throwing an exception.)