Clojure

Document *read-eval* in read, read-string

Details

  • Type: Defect Defect
  • Status: Closed Closed
  • Priority: Trivial Trivial
  • Resolution: Completed
  • Affects Version/s: Release 1.1, Release 1.2, Release 1.3, Release 1.4
  • Fix Version/s: None
  • Component/s: None
  • Labels:
    None
  • Patch:
    Code
  • Approval:
    Vetted

Description

Even though the #=() reader syntax is "unofficial", *read-eval* should be documented in the appropriate API functions – this is a serious security problem for anyone accepting serialized Clojure data structures. E.g., a system service reading a config file, a server accepting an API request.

Activity

People

Vote (6)
Watch (5)

Dates

  • Created:
    Updated:
    Resolved: