A lot of discussion is happening around this feature; see #148. I'm going to close this just to try to keep discussion centralized. Feel free to chime in. =)
Currently there is quite a lot of logic trying to figure out the incoming data. So, if one calls validate() without :json => true, and the incoming data is not in a valid format, the validator tries very hard to match the data, and does so e.g. by opening files from the local hard drive.
If that is not desired, the only way to prevent such behavior is to call with :json => true, which unfortunately means that in-memory structures need to be serialized to JSON first.
So, if I have some object of unknown type (which may happen to be the string "/etc/passwd"), and I want to securely test it, currently I need to convert it to JSON, and JSON-parse it again in the validator.
I'd like to have a 'dumb' validate method which does not have any fallbacks: if the object does not match, it does not match; do not fall back. I.e. in https://github.com/hoxworth/json-schema/blob/master/lib/json-schema/validator.rb#L629 just be
kind of option.
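An added sketch of the behaviour the issue describes, not code from the json-schema gem or from this thread: a loader that falls back from JSON text to a local file path, next to a loader with no fallback. The names `lenient_load`, `strict_load` and `object?` are hypothetical, the schema check is reduced to "type is object", and the sample file is constructed.

```ruby
require 'json'
require 'tempfile'

# Simplified model of a "guess the input" loader (hypothetical, not the gem's code):
# a String is tried as JSON text, then as a local file path, then kept as-is.
def lenient_load(data)
  return data unless data.is_a?(String)
  JSON.parse(data)
rescue JSON::ParserError
  begin
    JSON.parse(File.read(data)) # fallback: reads from the local filesystem
  rescue SystemCallError, JSON::ParserError
    data
  end
end

# "Dumb" loader: the in-memory value is validated exactly as given.
def strict_load(data)
  data
end

# Minimal stand-in for a schema of {"type" => "object"}.
def object?(value)
  value.is_a?(Hash)
end

def validate_lenient(data)
  object?(lenient_load(data))
end

def validate_strict(data)
  object?(strict_load(data))
end

# Constructed sample: a JSON file on disk and an untrusted value that is its path.
def demo
  Tempfile.create(['sample', '.json']) do |f|
    f.write('{"role": "admin"}')
    f.flush
    untrusted = f.path
    { lenient_path: validate_lenient(untrusted),   # file contents get validated
      strict_path: validate_strict(untrusted),     # the String itself is validated
      strict_hash: validate_strict({ 'role' => 'user' }),
      lenient_plain: validate_lenient('no such file') }
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```

With the fallback, a String that is not an object passes an object schema because the file it names is validated in its place; the strict path reports the mismatch and accepts in-memory structures without a JSON round trip.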