This is an automated email from the ASF dual-hosted git repository. chaokunyang pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/fory-site.git
commit 287ba165455cd457d3535fec484dc10d311c368a Author: chaokunyang <[email protected]> AuthorDate: Fri Jun 12 05:44:45 2026 +0000 🔄 synced local 'docs/guide/' with remote 'docs/guide/' --- docs/guide/dart/configuration.md | 30 ++++++---------------------- docs/guide/javascript/configuration.md | 23 +++++++++------------ docs/guide/javascript/index.md | 4 ++-- docs/guide/javascript/troubleshooting.md | 16 --------------- docs/guide/javascript/xlang-serialization.md | 2 +- docs/guide/python/type-registration.md | 2 +- docs/guide/swift/configuration.md | 10 +++------- 7 files changed, 22 insertions(+), 65 deletions(-) diff --git a/docs/guide/dart/configuration.md b/docs/guide/dart/configuration.md index 6ed942a689..f84ff49c2a 100644 --- a/docs/guide/dart/configuration.md +++ b/docs/guide/dart/configuration.md @@ -82,31 +82,13 @@ Limits how deeply nested an object graph can be. Increase this if you have legit final fory = Fory(maxDepth: 128); ``` -### `maxCollectionSize` - -Maximum number of elements accepted in any single list, set, or map field. Prevents runaway memory allocation from malformed messages. - -```dart -final fory = Fory(maxCollectionSize: 100000); -``` - -### `maxBinarySize` - -Maximum number of bytes accepted for any single binary blob field. - -```dart -final fory = Fory(maxBinarySize: 8 * 1024 * 1024); -``` - ## Defaults -| Option | Default | -| -------------------- | --------- | -| `compatible` | `true` | -| `checkStructVersion` | `false` | -| `maxDepth` | 256 | -| `maxCollectionSize` | 1 048 576 | -| `maxBinarySize` | 64 MiB | +| Option | Default | +| -------------------- | ------- | +| `compatible` | `true` | +| `checkStructVersion` | `false` | +| `maxDepth` | 256 | ## Xlang Notes @@ -122,7 +104,7 @@ Security-related configuration: - Register only the expected generated models before deserializing untrusted payloads. - Use `checkStructVersion: true` with `compatible: false` for intentional same-schema payloads. -- Set `maxDepth`, `maxCollectionSize`, and `maxBinarySize` to reject unexpectedly large payloads. +- Set `maxDepth` to reject unexpectedly deep payload shapes. - Prefer generated schemas and explicit field metadata over broad dynamic fields for untrusted input. ## Related Topics diff --git a/docs/guide/javascript/configuration.md b/docs/guide/javascript/configuration.md index 896f599b90..e4a0fb3bd9 100644 --- a/docs/guide/javascript/configuration.md +++ b/docs/guide/javascript/configuration.md @@ -43,22 +43,18 @@ const fory = new Fory({ ref: true, compatible: true, maxDepth: 100, - maxBinarySize: 64 * 1024 * 1024, - maxCollectionSize: 1_000_000, hps, }); ``` -| Option | Default | Description | -| -------------------------- | ----------- | ------------------------------------------------------------------------------------- | -| `ref` | `false` | Enable reference tracking for shared or circular object graphs | -| `compatible` | `true` | Allow field additions/removals without breaking existing messages | -| `maxDepth` | `50` | Maximum nesting depth. Must be `>= 2`. Increase for deeply nested structures | -| `maxBinarySize` | 64 MiB | Maximum bytes accepted for any single binary field | -| `maxCollectionSize` | `1_000_000` | Maximum elements accepted in any list, set, or map | -| `useSliceString` | `false` | Optional string-reading optimization for Node.js. Leave at default unless benchmarked | -| `hps` | unset | Optional fast string helper from `@apache-fory/hps` (Node.js 20+) | -| `hooks.afterCodeGenerated` | unset | Callback to inspect the generated serializer code, useful for debugging | +| Option | Default | Description | +| -------------------------- | ------- | ------------------------------------------------------------------------------------- | +| `ref` | `false` | Enable reference tracking for shared or circular object graphs | +| `compatible` | `true` | Allow field additions/removals without breaking existing messages | +| `maxDepth` | `50` | Maximum nesting depth. Must be `>= 2`. Increase for deeply nested structures | +| `useSliceString` | `false` | Optional string-reading optimization for Node.js. Leave at default unless benchmarked | +| `hps` | unset | Optional fast string helper from `@apache-fory/hps` (Node.js 20+) | +| `hooks.afterCodeGenerated` | unset | Callback to inspect the generated serializer code, useful for debugging | ## Reference Tracking @@ -105,8 +101,7 @@ Leave this unset unless you run on Node.js 20+ and have benchmarked your workloa Security-related configuration: - Register only the expected schemas before deserializing untrusted payloads. -- Set `maxDepth`, `maxBinarySize`, and `maxCollectionSize` for the maximum payload shape your - service accepts. +- Set `maxDepth` for the maximum nesting depth your service accepts. - Prefer explicit `Type.struct(...)` schemas over `Type.any()` for untrusted input. - Pass `hps` only from the official package version you deploy with Fory. diff --git a/docs/guide/javascript/index.md b/docs/guide/javascript/index.md index 29615de78b..2423ef5690 100644 --- a/docs/guide/javascript/index.md +++ b/docs/guide/javascript/index.md @@ -31,7 +31,7 @@ Fory-supported languages. - **Fast**: serializer code is generated and cached the first time you register a schema, not on every call - **Reference-aware**: shared references and circular object graphs are supported when enabled - **Explicit schemas**: field types, nullability, and polymorphism are declared once with `Type.*` builders or TypeScript decorators -- **Safe defaults**: configurable depth, binary size, and collection size limits reject unexpectedly large or deep payloads +- **Safe defaults**: configurable depth checks reject unexpectedly deep payloads - **Modern types**: `bigint`, typed arrays, `Map`, `Set`, `Date`, `float16`, and `bfloat16` are supported ## Installation @@ -103,7 +103,7 @@ Create one `Fory` instance per application and reuse it — creating a new one f ## Configuration Fory JavaScript is xlang-only. `new Fory()` uses compatible schema evolution by default. Configure -reference tracking, size limits, and optional Node.js string acceleration through constructor +reference tracking, maximum read depth, and optional Node.js string acceleration through constructor options; see [Configuration](configuration.md). ## Documentation diff --git a/docs/guide/javascript/troubleshooting.md b/docs/guide/javascript/troubleshooting.md index e1ef6bd29f..bba32aeef7 100644 --- a/docs/guide/javascript/troubleshooting.md +++ b/docs/guide/javascript/troubleshooting.md @@ -38,22 +38,6 @@ new Fory({ maxDepth: 100 }); Increase this only if your data is legitimately deeply nested. -## `Binary size ... exceeds maxBinarySize` - -A binary field or the overall message exceeded the safety limit. If the size is expected and the source is trusted, increase the limit: - -```ts -new Fory({ maxBinarySize: 128 * 1024 * 1024 }); -``` - -## `Collection size ... exceeds maxCollectionSize` - -A list, set, or map has more elements than the configured limit. This often means the data is unexpectedly large. If it is legitimate, increase the limit: - -```ts -new Fory({ maxCollectionSize: 2_000_000 }); -``` - ## `Field "..." is not nullable` You are passing `null` to a field that was not declared nullable. Fix: add `.setNullable(true)` to the field schema: diff --git a/docs/guide/javascript/xlang-serialization.md b/docs/guide/javascript/xlang-serialization.md index d96c4df424..9442fe2647 100644 --- a/docs/guide/javascript/xlang-serialization.md +++ b/docs/guide/javascript/xlang-serialization.md @@ -146,7 +146,7 @@ Use the same type ID or type name in every peer. ## Safety Limits -The `maxDepth`, `maxBinarySize`, and `maxCollectionSize` options protect the JavaScript peer from overly large payloads. They do not change the binary format; they only control what the local `Fory` instance accepts. +The `maxDepth` option bounds nested payloads. It does not change the binary format; it only controls what the local `Fory` instance accepts. ## Related Topics diff --git a/docs/guide/python/type-registration.md b/docs/guide/python/type-registration.md index 302093369f..9e5589595b 100644 --- a/docs/guide/python/type-registration.md +++ b/docs/guide/python/type-registration.md @@ -81,5 +81,5 @@ same registration IDs or names on every peer that shares those payloads. ## Related Topics - [Configuration](configuration.md) - Fory parameters -- [Configuration](configuration.md#security) - Strict mode, deserialization policies, and size limits +- [Configuration](configuration.md#security) - Strict mode, deserialization policies, and maximum read depth - [Custom Serializers](custom-serializers.md) - Custom serialization diff --git a/docs/guide/swift/configuration.md b/docs/guide/swift/configuration.md index 450503f804..85c1e33257 100644 --- a/docs/guide/swift/configuration.md +++ b/docs/guide/swift/configuration.md @@ -30,8 +30,6 @@ public struct Config { public let trackRef: Bool public let compatible: Bool public let checkClassVersion: Bool - public let maxCollectionSize: Int - public let maxBinarySize: Int public let maxDepth: Int } ``` @@ -88,11 +86,10 @@ let fory = Fory(compatible: false, checkClassVersion: true) ### Size and Depth Limits -`maxCollectionSize`, `maxBinarySize`, and `maxDepth` bound decoded payload size -and nesting depth. +`maxDepth` bounds decoded payload nesting depth. ```swift -let fory = Fory(maxCollectionSize: 1_000_000, maxBinarySize: 64 * 1024 * 1024, maxDepth: 5) +let fory = Fory(maxDepth: 5) ``` ## Recommended Presets @@ -123,5 +120,4 @@ Security-related configuration: - Register only the expected generated models before deserializing untrusted payloads. - Use `checkClassVersion` with `compatible: false` for intentional same-schema payloads. -- Set `maxCollectionSize`, `maxBinarySize`, and `maxDepth` for the largest payload shape your - service accepts. +- Set `maxDepth` for the largest nesting depth your service accepts. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
