I'm parsing untrusted data. To improve error reporting, I'd like to keep track of file positions.
As far as I can tell,
clojure.tools.reader.edn/read is the correct tool for untrusted data, but it doesn't do file position metadata, whereas
clojure.tools.reader/read has the file position metadata, but it can end up running code on behalf of the untrusted data, which is obviously not ideal.
If I bind data-readers to a map of know-safe readers, and read-eval to false, would that still leave me open to unwanted code execution by the untrusted data, or would it make
clojure.tools.reader/read safe to use on my EDN?