I wanted to give LANGSEC a sneak peek of a project I've been working on with Ben Laurie before circulating it more widely:
https://www.tjson.org/

It's a set of security-oriented type annotations added to JSON. The idea is to support cross-format content hashes which are the same regardless of whether data is serialized in a binary format like Protobufs, MessagePack, or BSON, or in TJSON. The intended content hash algorithm is Ben Laurie's objecthash:

https://github.com/benlaurie/objecthash

We have also disallowed some of the more notable sharp edges for JSON security, such as repeated member names in JSON objects. If there are any other notable problems you think should be addressed, I'd be curious to hear them.

--
Tony Arcieri
_______________________________________________
langsec-discuss mailing list
langsec-discuss@mail.langsec.org
https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss
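The repeated-member-name restriction mentioned in the message, shown as an added example that is not part of the original post or of the TJSON project's code: Python's standard `json` module silently keeps the last value for a repeated name, so two parsers can disagree about one document, while a strict loader rejects it. The function names and the sample documents are hypothetical and constructed for illustration.

```python
import json


class DuplicateMemberError(ValueError):
    """Raised when a JSON object repeats a member name."""


def _reject_duplicates(pairs):
    # json calls this hook once per object (nested objects included),
    # passing the members as (name, value) pairs in document order.
    obj = {}
    for name, value in pairs:
        if name in obj:
            raise DuplicateMemberError(f"repeated member name: {name!r}")
        obj[name] = value
    return obj


def lenient_loads(text):
    """Default stdlib behaviour: the last occurrence of a name wins."""
    return json.loads(text)


def strict_loads(text):
    """Parse JSON, refusing any object that repeats a member name."""
    return json.loads(text, object_pairs_hook=_reject_duplicates)


def check(text):
    """Return 'accepted' or a 'rejected: ...' verdict for one document."""
    try:
        strict_loads(text)
        return "accepted"
    except DuplicateMemberError as exc:
        return f"rejected: {exc}"


# Constructed sample documents (not taken from the post).
AMBIGUOUS = '{"user": "alice", "role": "viewer", "role": "admin"}'
NESTED = '{"outer": {"id": 1, "id": 2}}'
# The same name in different objects is not a repeat.
CLEAN = '{"user": "alice", "role": "viewer", "inner": {"role": "x"}}'

if __name__ == "__main__":
    # A first-wins parser elsewhere in the pipeline would see "viewer".
    print("lenient parser sees role =", lenient_loads(AMBIGUOUS)["role"])
    for doc in (AMBIGUOUS, NESTED, CLEAN):
        print(check(doc), "<-", doc)
```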