On Nov 30, 1:36 pm, Jeremy Evans <[email protected]> wrote: > > The new flag was not copied over by design. Basically, the > json_serializer plugin considers incoming JSON untrustworthy, since it > often comes directly from client machines. > > I assume you trust the JSON you are receiving? >
yeah, the security implication had occurred to me... i am confident that im safe, though, since im sending these serialized strings inside of encrypted and authenticated channels between processes written and run by me. > > Your proposed API can't currently work, because the options hash given > to JSON.parse is not passed to the model's json_create method (https:// > github.com/flori/json/blob/master/lib/json/pure/parser.rb#L296). I > would have definitely used an approach that used the JSON.parse > options hash if it was possible. > > My recommendation would be to use the existing json_serializer plugin > as the basis for your own custom plugin. Or just override the > json_create class method in your code, assuming you always want those > features: > i worked around the issue last night using a mixin/extention very similar to what you described. i also came across that very same json parser code after i sent my email to this group... perhaps we could convince flori to do a refactor that will push the options hash from the JSON.parse() call all the way down through the .json_create() calls!?! > > With the patch I'll be committing, that hopefully will take care of > your needs. > thank you very much, sir, im looking forward to it! cheers, -george -- You received this message because you are subscribed to the Google Groups "sequel-talk" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/sequel-talk?hl=en.
