
Acknowledge @beauby for spotting the JSON body parsing problem

jodosha committed Nov 18, 2016
1 parent 465876b commit 6a5cb7f84349b10e57bdaaff1e2a86fef0b01399
Showing with 4 additions and 1 deletion.
  1. +4 −1 source/blog/2016-11-18-announcing-hanami-091.html.markdown
@@ -15,9 +15,12 @@ This is a security patch for [JSON body parsers](/guides/actions/parameters#body
JSON body parsing was implemented using `Hanami::Utils::Json.load`, which internally uses `JSON.load`.
According to Ruby docs, `JSON.load` should be used only with trusted data, because it evals the given payload.

Thanks to [Lucas Hosseini](https://github.com/beauby) for spotting this problem.

## The Fix

`Hanami::Utils::Json` now implements `.parse`, which is a safe alternative for JSON parsing.
We introduced `Hanami::Utils::Json.parse`, which is a safe alternative for JSON parsing.
JSON body parser now uses this new method, in order to guaratee a higher level of safety.

## How To Fix Your Project
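Review bot: typo in the added line "JSON body parser now uses this new method, in order to guaratee a higher level of safety." Suggest "guarantee". Since this hunk also replaces the sentence about `.parse` with "We introduced `Hanami::Utils::Json.parse`, which is a safe alternative for JSON parsing.", it would be worth keeping the two sentences consistent in tense and wording, e.g. "The JSON body parser now uses this new method to guarantee a higher level of safety."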
