Re: json-stream-read should validate json too Duy Nguyen 21 Jan 2020 12:43 UTC

On Tue, Jan 21, 2020 at 5:47 PM Amirouche Boubekki
<xxxxxx@gmail.com> wrote:
> > Alternatively maybe we can wrap user-provided 'proc' in our own proc
> > that does validation on top, something like a stripped down version of
> > %json-read that does nothing but validate? For example,
> > make-json-validator takes a proc and returns a new proc also performs
> > validation.
>
> I will look at it, it seems to me if one can validate inside
> json-stream-read, it will be more useful.

Yes it's definitely more useful inside json-stream-read to me. I was
just worried some people value performance and may be ok with no
validation (e.g. you have verified it at some point before). I don't
know if such a use case exist though.

> Also, I was thinking about adding a parameters like
> `json-maximum-nesting-level` that would be 501 by default.  And that
> will control the reader, in case there is 501 or more nested JSON
> array or object, json-stream-reader will raise a json-error?  What do
> you think?

Do we really have any problem with nesting level though? I think the
streaming code itself does not, and the way 'proc' is currently
implement, we don't call it recursively either. This reminds me of a
hacker news thread [1]. Anyway, because it's quite easy to count depth
from user code (and if 'proc' composes well), and (I assume) we don't
have any limits regarding nesting level, I think it's best leave it
out.

[1] https://news.ycombinator.com/item?id=21483256
--
Duy