chicken-hackers

Re: [Chicken-hackers] CHICKEN in production


From: John Cowan
Subject: Re: [Chicken-hackers] CHICKEN in production
Date: Mon, 13 Oct 2014 22:25:02 -0400
User-agent: Mutt/1.5.20 (2009-06-14)

Florian Zumbiehl scripsit:

> > As you are guaranteed to receive syntactically valid JSON documents,
> > you obviously don't need to worry about parsing failures.
>
> In that case, the result is not rejected valid(!) input (it's valid
> JSON, so nothing bogus about it, even if you happen to dislike NUL
> characters), but a crashed system.

My point is that no one has a legitimate reason to inject NULs into a JSON
document, for reasons already given: such a person is a black hat.  And if
we are to say that all C implementations of JSON are not JSON parsers, I
don't know where to go from there.

> The correct way to handle data is by preserving its meaning, which is
> not achieved either by truncating it at NULs, or by rejecting NULs,
> but by preserving NULs.

I deny that the meaning of any legitimate string is affected by the
presence of a NUL in it, except insofar as some systems may interpret
that string as being shorter than it is.

> String containing slash to filename? Exception! String containing colon
> to hostname? Exception! String containing NUL to C string? Exception!

These aren't all the same.  Filenames and hostnames are specific uses of
strings, but C strings are just as general purpose as anyone else's strings,
even though they can't handle NUL.

-- 
John Cowan          http://www.ccil.org/~cowan        address@hidden
Sir, I quite agree with you, but what are we two against so many?
    --George Bernard Shaw,
         to a man booing at the opening of _Arms and the Man_
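
The three behaviours argued over in this thread (truncating at NUL, rejecting NUL, preserving NUL) can be seen side by side in C. This is an added example, not part of the original message or of CHICKEN's code; the function `decode_json_string`, the `nul_policy` enum and the sample input are assumptions made for illustration, and the decoder is narrowed to ASCII plus `\uXXXX` escapes below U+0080.

```c
#include <stdio.h>
#include <string.h>
enum nul_policy { NUL_PRESERVE, NUL_REJECT };

static int hexval(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode the text between the quotes of a JSON string into out (ASCII and
 * \uXXXX below U+0080 only). Returns decoded length incl. NULs, or -1. */
long decode_json_string(const char *src, size_t srclen,
                        char *out, size_t outcap, enum nul_policy policy)
{
    size_t n = 0;
    for (size_t i = 0; i < srclen; i++) {
        unsigned cp = (unsigned char)src[i];
        if (cp < 0x20) return -1;            /* raw control chars are not valid JSON */
        if (cp == '\\') {
            if (srclen - i < 6 || src[i + 1] != 'u') return -1;
            cp = 0;
            for (int k = 2; k < 6; k++) {
                int h = hexval(src[i + k]);
                if (h < 0) return -1;
                cp = cp * 16 + (unsigned)h;
            }
            i += 5;                          /* skip the rest of the escape */
        }
        if (cp > 0x7f) return -1;            /* outside this example's scope */
        if (cp == 0 && policy == NUL_REJECT) return -1;
        if (n + 1 >= outcap) return -1;      /* keep room for a terminator */
        out[n++] = (char)cp;
    }
    out[n] = '\0';
    return (long)n;
}

int main(void)
{
    const char *body = "admin\\u0000.example";   /* constructed sample input */
    char buf[64];
    long n = decode_json_string(body, strlen(body), buf, sizeof buf, NUL_PRESERVE);
    printf("preserve: %ld bytes decoded, strlen() sees %zu\n", n, strlen(buf));
    printf("reject:   %ld\n", decode_json_string(body, strlen(body), buf, sizeof buf, NUL_REJECT));
    return 0;
}
```

With `NUL_PRESERVE` the caller must carry the returned length alongside the buffer; any code that later treats the buffer as a plain C string sees only the part before the NUL.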


