
0 votes
in tools.reader by

I'm parsing untrusted data. To improve error reporting, I'd like to keep track of file positions.

As far as I can tell, clojure.tools.reader.edn/read is the correct tool for untrusted data, but it doesn't do file position metadata, whereas clojure.tools.reader/read has the file position metadata, but it can end up running code on behalf of the untrusted data, which is obviously not ideal.

If I bind *data-readers* to a map of known-safe readers, and *read-eval* to false, would that still leave me open to unwanted code execution by the untrusted data, or would it make clojure.tools.reader/read safe to use on my EDN?

1 Answer

+1 vote
edited by

I ended up switching to https://github.com/borkdude/edamame
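
A sketch of what the switch mentioned in the answer can look like, as an added example that is not part of the original post and not edamame's own code. It assumes borkdude/edamame is on the classpath and that, with no options passed, code-oriented syntax such as `#=` stays disabled; `parse-untrusted`, `missing-id-errors` and the `:id` rule are hypothetical names made up for illustration.

```clojure
(require '[edamame.core :as e])

(defn parse-untrusted
  "Parses one form from string s with edamame's default options.
  Returns {:ok form} on success, or {:error msg :row r :col c} when
  edamame rejects the input with an ex-info."
  [s]
  (try
    {:ok (e/parse-string s)}
    (catch clojure.lang.ExceptionInfo ex
      (merge {:error (.getMessage ex)}
             (select-keys (ex-data ex) [:row :col])))))

(defn missing-id-errors
  "Hypothetical validation rule: every map in the top-level vector
  needs an :id. The position of each offending map is taken from the
  location metadata edamame attached while parsing."
  [entries]
  (for [entry entries
        :when (and (map? entry) (not (contains? entry :id)))]
    (assoc (select-keys (meta entry) [:row :col])
           :error "entry has no :id")))

;; Constructed sample input: the second entry lacks :id.
(def sample "[{:id 1 :name \"a\"}\n {:name \"b\"}]")

(let [{:keys [ok error] :as result} (parse-untrusted sample)]
  (if error
    (println "parse error:" result)
    (doseq [err (missing-id-errors ok)]
      (println "validation error:" err))))

;; Constructed input using the #= reader macro. With default options
;; this is expected to come back as an :error map, not as a value.
(println (parse-untrusted "[1 #=(+ 1 2)]"))
```

Only values that can carry metadata (maps, vectors, lists, sets, symbols) get positions; keywords, numbers and strings do not, so errors about a scalar are best reported at the position of its enclosing collection.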