El vie, 26 ago 2022 a las 11:43, Andreas Leathley (<a.leath...@gmx.net>) escribió: > > On 26.08.22 11:00, Michał Marcin Brzuchalski wrote: > > There is already a way to validate XML in PHP, and Yaml or PHP is > something within the control of a PHP programmer, while JSON is mostly > used as a format for communication in APIs, so you never know what you > get. If with a new function it becomes much easier to defend against a > Denial-of-Service attack for some parts of a JSON API, then this can be > a good addition just for security reasons. > > But this reason, which most resonates with me, is currently missing in > the RFC, so I would suggest to add that fast / efficient validation of a > common communication format reduces the attack surface for > Denial-of-Service attacks. > > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: https://www.php.net/unsub.php >
For sure I will add this. Thanks a lot !!!!!! That is exactly why we are having this discussion. Once again, Thanks! RFC: https://wiki.php.net/rfc/json_validate Implementation: https://github.com/php/php-src/pull/9399 -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: https://www.php.net/unsub.php
