Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:119638 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 99558 invoked from network); 1 Mar 2023 13:45:38 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 1 Mar 2023 13:45:38 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 622FA18033A for ; Wed, 1 Mar 2023 05:45:37 -0800 (PST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-1.4 required=5.0 tests=BAYES_00, FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,HEADER_FROM_DIFFERENT_DOMAINS, HTML_MESSAGE,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2 X-Spam-ASN: AS15169 209.85.128.0/17 X-Spam-Virus: No X-Envelope-From: Received: from mail-ed1-f42.google.com (mail-ed1-f42.google.com [209.85.208.42]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Wed, 1 Mar 2023 05:45:36 -0800 (PST) Received: by mail-ed1-f42.google.com with SMTP id o15so51453550edr.13 for ; Wed, 01 Mar 2023 05:45:36 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=4tS3jtBSqEOIAC1L9ZWtOn4aTRi24MelMr3Y02sZxkg=; b=JsjN3XGOe26VlEjEkxCAASLQzFvN02EjQecU/nsXrr9MxqlxexBZtaVA7yHtuOO5uA vdqRPchcm5Uc6witxKQRn+AYhFC0p8CNzBmEK069oKi40wy2TxAheLwbmEQgQRzWUuK5 V9CzRVvAGiEV/3RvbjC2mlPRg5y6/jQMw9lIiO7mexfusrrAZqZWf2xoUe13Q2VVbeZy I40Rt0A88tERc/GzcZGKsAvAThoKhFe1rUJUshSGsoDyvKr95h7ZVxGTikrdUm8zWl4M g09MVwg0qG0xcqMnrnSWzYMKVlgKGaxjhEpIAYX7VYFuP6MG+pw2DYEDGkKqWuacjvW6 njLw== X-Gm-Message-State: AO0yUKUQjnq/UZ0I/j7Soqai+R+sOPNwgLSIzWtDjP8vVLQ1yr/BIIvj uxT/LuvisSeVIZ9AFr9e7z4ygqFhPOzfCT1JMVV5fFaM X-Google-Smtp-Source: AK7set/4q9PEHJ5IXSmfgAMM19Y9uI4wkSZQgAMw1gKZ0DyHfGARfxwUfIKHET8/t9midWvqhJqkiACjKbMTWeFSUvE= X-Received: by 2002:a17:906:ce59:b0:888:b471:8e18 with SMTP id se25-20020a170906ce5900b00888b4718e18mr3097226ejb.8.1677678335675; Wed, 01 Mar 2023 05:45:35 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: Date: Wed, 1 Mar 2023 13:45:24 +0000 Message-ID: To: =?UTF-8?Q?Micha=C5=82_Marcin_Brzuchalski?= Cc: juan carlos morales , PHP Internals List Content-Type: multipart/alternative; boundary="0000000000003ed06705f5d6ed9f" Subject: Re: [PHP-DEV] RFC Idea - json_validate() validate schema From: bukka@php.net (Jakub Zelenka) --0000000000003ed06705f5d6ed9f Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi, On Wed, Mar 1, 2023 at 1:36 PM Micha=C5=82 Marcin Brzuchalski < michal.brzuchalski@gmail.com> wrote: > Hi Jakub > > =C5=9Br., 1 mar 2023, 14:09 u=C5=BCytkownik Jakub Zelenka = napisa=C5=82: > >> > >> > Question ... are you planning to incorporate this by enhancing >> > json_validate() ??? >> > >> >> Yes the plan is to initially enhance json_decode and json_validate that >> would get a new $schema argument . I plan to create a class for the >> actually schema as it needs to be parsed to its own representation so it >> is >> convenient to have it in the object. It could be also later created from >> the different sources than just JSON string (e.g. assoc array / stdClass >> or >> automatic generation from the class that I mentioned before) so it will = be >> better to have it in the class. >> >> Regards >> >> Jakub >> > > Do we really need this in core? What makes it less usable as an extension= ? > > The primary motivation is that this allow stopping decoding / validation once first invalid part is found - basically this is going to be validated as parsed. It means this will eliminate all currently possible DOS attacks on the actual JSON parsing. There are other reasons that we can discuss in more details once proposed like better availability for users but those are just secondary reasons and sort of side effects. Regards Jakub --0000000000003ed06705f5d6ed9f--