On 3/28/09, Carsten Ziegeler <[email protected]> wrote: > Hi, > > while implementing the additional json validation to the sling maven > plugin, I noticed that the current json commons module we have is very > failure tolerant. > > It allows for example trailing separators, like in "{,}" or { a:"1",} > It also allows duplicate keys like in "{a:"1",a:"2"}. > I've looked at the latest code at JSON.org - the new code there at least > throws an exception for duplicate keys while it still accepts the > trailing separator. > Now the json definition is imho clearly stating that a trailing > separator is not allowed. > > While I'm all for not being failure tolerant to avoid any problems with > possible other json code trying to parse this stuff, I'm not sure how we > really should handle this. > I think we should make the parsing as strict as possible (although this > might introduce incompatibilities) i agree partially - since the JSON parsing is only needed when reading json from the initial content, or used as transport via http, it can be really tolerant. rejecting duplicate keys might be an option, since the result is undefined.
regards, toby
