Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change default of DeserializationFeature.FAIL_ON_TRAILING_TOKENS to true for 3.0 #3406

Open
yawkat opened this issue Feb 28, 2022 · 3 comments
Open

Change default of DeserializationFeature.FAIL_ON_TRAILING_TOKENS to true for 3.0 #3406

yawkat opened this issue Feb 28, 2022 · 3 comments
Labels
3.0 Issue planned for initial 3.0 release

Comments

@yawkat
Copy link
Member

yawkat commented Feb 28, 2022

imo it is better to fail by default here. If you're parsing line-delimited json, you'll notice immediately if you forget to turn off FAIL_ON_TRAILING_TOKENS. However in the other direction, if it was off by default and you forget to turn it on, you probably would never notice (few people test for failures), which could also open up the door to parsing differential vulnerabilities in an application.

See discussion on #3400
@yawkat yawkat added the to-evaluate Issue that has been received but not yet evaluated label Feb 28, 2022
@cowtowncoder cowtowncoder added 3.x Issues to be only tackled for Jackson 3.x, not 2.x and removed to-evaluate Issue that has been received but not yet evaluated labels Apr 21, 2022
@yawkat yawkat mentioned this issue Jun 12, 2023
Closed
@pjfanning pjfanning mentioned this issue Jul 13, 2023
Closed
@cowtowncoder cowtowncoder added 3.0 Issue planned for initial 3.0 release and removed 3.x Issues to be only tackled for Jackson 3.x, not 2.x labels Dec 1, 2024
@cowtowncoder
Copy link
Member

Have not yet decided but will include in "potentially for 3.0.0" list, will bring up on discussion (to be created).

@JooHyukKim
Copy link
Member

Though the rationale here makes sense (and the one from #3400), this seems to be have similar aspects to #493 about FAIL_ON_UNKNOWN_PROPERTIES feature.

So main opposing idea would be the Postel's Law saying...

"be conservative in what you do, be liberal in what you accept from others".

... at the moment I don't have strong opinion on either side yet. I wish we could invite over the same crowd from #493 for discussion 😅.

@cowtowncoder cowtowncoder changed the title Change default of FAIL_ON_TRAILING_TOKENS to true for 3.0 Change default of DeserializationFeature.FAIL_ON_TRAILING_TOKENS to true for 3.0 Dec 1, 2024
@cowtowncoder
Copy link
Member

cowtowncoder commented Dec 1, 2024
edited
Loading

See discussion at FasterXML/jackson-future-ideas#74 wrt whether to make proposed change in 3.0.0.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
3.0 Issue planned for initial 3.0 release
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@cowtowncoder @yawkat @JooHyukKim