[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Including sjson (formerly (ice-9 json)) and fash.scm in guile proper
|
From: |
Christopher Allan Webber |
|
Subject: |
Re: Including sjson (formerly (ice-9 json)) and fash.scm in guile proper? |
|
Date: |
Sat, 13 May 2017 20:30:55 -0500 |
|
User-agent: |
mu4e 0.9.18; emacs 25.2.1 |
Mark H Weaver writes:
> Hi Chris,
>
> Christopher Allan Webber <address@hidden> writes:
>> So a while ago, David Thompson submitted (ice-9 json) to Guile proper.
>> A few changes were requested, so it hadn't made it in. In the meanwhile
>> I began using it for a number of projects. I also added some
>> modifications and extensions: #nil became 'null for the representation
>> of null values,
>
> Most of the modifications you've made are good, but I'm very
> uncomfortable with the use of #nil in this API. #nil is a terrible hack
> which may not even be adequate for its intended use case. Its existence
> in any data structure is likely to cause misbehavior in other Scheme
> code that is exposed to it, because it violates a longstanding fact in
> Scheme that there is only one value that is treated as "false". It
> would also make it difficult or impossible to port this library, and
> thus anything that depends on this library, to other Scheme systems. We
> should not promote its use by incorporating it into new APIs.
>
> What do you think?
Oh! No you got it backwards, the library *was* using #nil initially,
and I modified it to use 'null now instead. :)
So I think you'd be probably pretty happy!
> Otherwise, I'm generally in favor of incorporating this library into
> Guile, after we make sure that it is robust against malicious inputs.
Okay, cool! The other thing is to add more specific error messages, as
discussed.
What examples of malicious inputs should we test against?