Discussion:
massaging user entered data into JSON fields
Nimret Sandhu
2013-10-08 23:05:10 UTC
When you have clients (esp. mobile clients) talking to a JSON API on the
server side, do you massage the user-entered data in any way to avoid junk
characters, etc.? It appears that there is CDATA equivalent with JSON.

thx,
-
Nimret Sandhu
http://www.nimret.org
George Smith
2013-10-09 01:44:40 UTC
The JSON spec is quite specific about what is allowed in strings, and it
specifically states that control characters are not supported (except via
escaping). This does not mean that your favorite JSON parser won't happily
consume junk, it is just that should you switch parsers it might start
breaking!

George
--
"And the users exclaimed with a laugh and a taunt: It's just what we
asked for but not what we want." -- Unknown
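Added example, not part of the original thread: the reply above notes that raw control characters are not allowed inside JSON strings, yet a lenient parser may accept them. The Python sketch below uses a constructed payload and hypothetical helper names to show the same bytes being accepted or rejected depending on parser strictness, plus a parser-independent check a server can run on incoming text.

```python
import json

def find_raw_control_chars(text):
    """Offsets of unescaped U+0000-U+001F characters inside JSON string literals."""
    offsets, in_string, escaped = [], False, False
    for i, ch in enumerate(text):
        if not in_string:
            in_string = ch == '"'          # whitespace between tokens is legal
        elif escaped:
            escaped = False                # character after a backslash
        elif ch == "\\":
            escaped = True
        elif ch == '"':
            in_string = False
        elif ord(ch) < 0x20:
            offsets.append(i)              # raw control character in a string
    return offsets

def parses(text, strict):
    """True if Python's json module accepts the text at the given strictness."""
    try:
        json.loads(text, strict=strict)
        return True
    except json.JSONDecodeError:
        return False

def encode_field(value):
    """Serialize user-entered text; json.dumps escapes control characters."""
    return json.dumps({"comment": value})

# Constructed sample: a client put a raw TAB inside the string without escaping it.
BAD_WIRE = '{"comment": "line one\tline two"}'
# The same user text emitted by a conforming serializer.
GOOD_WIRE = encode_field("line one\tline two")

if __name__ == "__main__":
    print("raw control chars at:", find_raw_control_chars(BAD_WIRE))
    print("strict parser accepts bad wire: ", parses(BAD_WIRE, strict=True))
    print("lenient parser accepts bad wire:", parses(BAD_WIRE, strict=False))
    print("escaped form:", GOOD_WIRE, "accepted:", parses(GOOD_WIRE, strict=True))
```

Rejecting or logging payloads where the scan finds anything keeps behaviour the same whichever parser sits behind the API; the user's text itself does not need massaging as long as the client serializes it with a real JSON encoder.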
Rob Ratcliff
2013-10-09 02:48:13 UTC
Speaking of validation, has anybody worked with the JSON schema validator?
http://json-schema.org/
http://en.wikipedia.org/wiki/JSON#JSON_Schema

(JSON seems like a big step backwards from XML or IDL in terms of its type system, but at least you can validate its simple types
and ensure that required elements exist with the above approach.)
George Smith
2013-10-09 04:31:53 UTC
While yes, you can validate that required fields are present, I have found
that to support backward compatibility, it is best to defer validation
until after the old entries have been mapped to the new targets, and then
validate the resultant object graph.

George