You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If JsonMapper can't be relied on for JSON validation during mapping, it should be clearly documented so that no one tries to rely on the library for data validation. All of the security issues coming from PocketMine-MP arose because of validation loopholes in JsonMapper that I didn't expect.
FWIW, other libraries like Valinor do perform full validation, so I don't think it's unreasonable to assume that complete validation would be a part of a library like this.
If JsonMapper can't be relied on for JSON validation during mapping, it should be clearly documented so that no one tries to rely on the library for data validation. All of the security issues coming from PocketMine-MP arose because of validation loopholes in JsonMapper that I didn't expect.
FWIW, other libraries like Valinor do perform full validation, so I don't think it's unreasonable to assume that complete validation would be a part of a library like this.
Related to: #226 (comment)
The text was updated successfully, but these errors were encountered: