Presuming you're in Clojure, just use clojure.edn. clojure.edn is written in Java and targets the edn subset of Clojure's syntax. Presuming you're reading typical edn data, this is the best answer.
clojure.tools.reader is a version of the Clojure reader (not the edn subset) written in Clojure (the biggest user of this is ClojureScript). On Tuesday, November 28, 2017 at 9:51:45 AM UTC-6, Aaron Cummings wrote: > > I have a case where I'm reading a Clojure data structure serialized to > edn, but I don't have complete trust in the soure. > > Clearly I want to avoid clojure.core/read-string. The > cheatsheet at https://clojure.org/api/cheatsheet hints that > clojure.tools.reader.edn/read-string is a good choice, but I also see > clojure.edn/read-string. > > Are both of these edn readers considered equally safe on untrusted > input? What tradeoffs are there for one versus the other? > > Thanks, > Aaron > -- You received this message because you are subscribed to the Google Groups "Clojure" group. To post to this group, send email to clojure@googlegroups.com Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/clojure?hl=en --- You received this message because you are subscribed to the Google Groups "Clojure" group. To unsubscribe from this group and stop receiving emails from it, send an email to clojure+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
