Re: clojure.edn versus clojure.tools.reader.edn
I am pretty sure that clojure.tools.reader.edn is a version of the Clojure reader specifically for the edn subset, hence the name of the namespace. That said, no need to add a separate dependency on clojure.tools.reader if you would prefer to avoid it, and you are reading EDN inside Clojure on the JVM. Andy On Tue, Nov 28, 2017 at 1:14 PM, Alex Miller wrote: > Presuming you're in Clojure, just use clojure.edn. clojure.edn is written > in Java and targets the edn subset of Clojure's syntax. Presuming you're > reading typical edn data, this is the best answer. > > clojure.tools.reader is a version of the Clojure reader (not the edn > subset) written in Clojure (the biggest user of this is ClojureScript). > > > On Tuesday, November 28, 2017 at 9:51:45 AM UTC-6, Aaron Cummings wrote: >> >> I have a case where I'm reading a Clojure data structure serialized to >> edn, but I don't have complete trust in the soure. >> >> Clearly I want to avoid clojure.core/read-string. The >> cheatsheet at https://clojure.org/api/cheatsheet hints that >> clojure.tools.reader.edn/read-string is a good choice, but I also see >> clojure.edn/read-string. >> >> Are both of these edn readers considered equally safe on untrusted >> input? What tradeoffs are there for one versus the other? >> >> Thanks, >> Aaron >> > -- > You received this message because you are subscribed to the Google > Groups "Clojure" group. > To post to this group, send email to clojure@googlegroups.com > Note that posts from new members are moderated - please be patient with > your first post. > To unsubscribe from this group, send email to > clojure+unsubscr...@googlegroups.com > For more options, visit this group at > http://groups.google.com/group/clojure?hl=en > --- > You received this message because you are subscribed to the Google Groups > "Clojure" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to clojure+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Clojure" group. To post to this group, send email to clojure@googlegroups.com Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/clojure?hl=en --- You received this message because you are subscribed to the Google Groups "Clojure" group. To unsubscribe from this group and stop receiving emails from it, send an email to clojure+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: clojure.edn versus clojure.tools.reader.edn
To a large degree Clojure and ClojureScript should be the same from a reader compatibility point of view. -- You received this message because you are subscribed to the Google Groups "Clojure" group. To post to this group, send email to clojure@googlegroups.com Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/clojure?hl=en --- You received this message because you are subscribed to the Google Groups "Clojure" group. To unsubscribe from this group and stop receiving emails from it, send an email to clojure+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: clojure.edn versus clojure.tools.reader.edn
Thanks Alex. This makes sense. It did occur to the the recommendation in the cheatsheet might be aimed at ClojureScript compatibility. Since I'm in JVM Clojure only for this project I'll switch over to clojure.edn. -Aaron -- You received this message because you are subscribed to the Google Groups "Clojure" group. To post to this group, send email to clojure@googlegroups.com Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/clojure?hl=en --- You received this message because you are subscribed to the Google Groups "Clojure" group. To unsubscribe from this group and stop receiving emails from it, send an email to clojure+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: clojure.edn versus clojure.tools.reader.edn
Presuming you're in Clojure, just use clojure.edn. clojure.edn is written in Java and targets the edn subset of Clojure's syntax. Presuming you're reading typical edn data, this is the best answer. clojure.tools.reader is a version of the Clojure reader (not the edn subset) written in Clojure (the biggest user of this is ClojureScript). On Tuesday, November 28, 2017 at 9:51:45 AM UTC-6, Aaron Cummings wrote: > > I have a case where I'm reading a Clojure data structure serialized to > edn, but I don't have complete trust in the soure. > > Clearly I want to avoid clojure.core/read-string. The > cheatsheet at https://clojure.org/api/cheatsheet hints that > clojure.tools.reader.edn/read-string is a good choice, but I also see > clojure.edn/read-string. > > Are both of these edn readers considered equally safe on untrusted > input? What tradeoffs are there for one versus the other? > > Thanks, > Aaron > -- You received this message because you are subscribed to the Google Groups "Clojure" group. To post to this group, send email to clojure@googlegroups.com Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/clojure?hl=en --- You received this message because you are subscribed to the Google Groups "Clojure" group. To unsubscribe from this group and stop receiving emails from it, send an email to clojure+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
clojure.edn versus clojure.tools.reader.edn
I have a case where I'm reading a Clojure data structure serialized to edn, but I don't have complete trust in the soure. Clearly I want to avoid clojure.core/read-string. The cheatsheet at https://clojure.org/api/cheatsheet hints that clojure.tools.reader.edn/read-string is a good choice, but I also see clojure.edn/read-string. Are both of these edn readers considered equally safe on untrusted input? What tradeoffs are there for one versus the other? Thanks, Aaron -- You received this message because you are subscribed to the Google Groups "Clojure" group. To post to this group, send email to clojure@googlegroups.com Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/clojure?hl=en --- You received this message because you are subscribed to the Google Groups "Clojure" group. To unsubscribe from this group and stop receiving emails from it, send an email to clojure+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
clojure.edn versus clojure.tools.reader.edn
I have a case where I'm reading a Clojure data structure serialized to edn, but I don't have complete trust in the soure. Clearly I want to avoid clojure.core/read-string. The cheatsheet at https://clojure.org/api/cheatsheet hints that clojure.tools.reader.edn/read-string is a good choice, but I also see clojure.edn/read-string. Are both of these edn readers considered equally safe on untrusted input? What tradeoffs are there for one versus the other? Thanks, Aaron -- You received this message because you are subscribed to the Google Groups "Clojure" group. To post to this group, send email to clojure@googlegroups.com Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/clojure?hl=en --- You received this message because you are subscribed to the Google Groups "Clojure" group. To unsubscribe from this group and stop receiving emails from it, send an email to clojure+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.