Hello all,
CL-JSON does not allow the user to customize the means used to decode the
keys for object literals. It may be important to avoid interning in a web
setting, for example, since interns of many unique symbols could potentially
use a lot of memory. An attack could exploit this by submitting something
that is passed through cl-json that has many very large, unique symbols.
There used to be a way to get around this with the factory method
customization, but the current library does not include a means of changing
the decoding behavior for a key to avoid interning it. Unless I am missing
something, could this functionality be added?
Red
