From e59dc7a4a018557560ddde5a18b97ead385a843c Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Sun, 18 Sep 2022 19:07:52 -0700 Subject: [PATCH 1/3] Disallow even optional "content*" processing This added substantial complexity for essentially no benefit. The functionality could be trivially implemented as a library on top of a JSON Schema implementation that supports annotation collection. --- jsonschema-validation.xml | 33 +++++++-------------------------- 1 file changed, 7 insertions(+), 26 deletions(-) diff --git a/jsonschema-validation.xml b/jsonschema-validation.xml index a8426471..a95905b0 100644 --- a/jsonschema-validation.xml +++ b/jsonschema-validation.xml 
@@ -936,42 +936,22 @@ Due to security and performance concerns, as well as the open-ended nature of possible content types, implementations MUST NOT automatically decode, parse, - and/or validate the string contents by default. This additionally supports - the use case of embedded documents intended for processing by a different - consumer than that which processed the containing document. + and/or validate the string contents. Applications are expected to use these + annotations to invoke the appropriate libraries (including JSON Schema for + any further schema-based validation) separately. All keywords in this section apply only to strings, and have no effect on other data types. - - Implementations MAY offer the ability to decode, parse, and/or validate - the string contents automatically. However, it MUST NOT perform these - operations by default, and MUST provide the validation result of each - string-encoded document separately from the enclosing document. This - process SHOULD be equivalent to fully evaluating the instance against - the original schema, followed by using the annotations to decode, parse, - and/or validate each string-encoded document. - - For now, the exact mechanism of performing and returning parsed - data and/or validation results from such an automatic decoding, parsing, - and validating feature is left unspecified. Should such a feature - prove popular, it may be specified more thoroughly in a future draft. - - - - See also the Security Considerations - sections for possible vulnerabilities introduced by automatically - processing the instance string according to these keywords. -
If the instance value is a string, this property defines that the string - SHOULD be interpreted as encoded binary data and decoded using the encoding - named by this property. + SHOULD be interpreted as encoded binary data and, and applications wishing + to decode it SHOULD do so using the encoding named by this property. @@ -1023,7 +1003,8 @@ This keyword MAY be used with any media type that can be mapped into - JSON Schema's data model. + JSON Schema's data model. Specifying such mappings is outside of the + scope of this specification. The value of this property MUST be a valid JSON schema. It SHOULD be ignored if From 2a2f9838fcba67aa3cc006508332e8b3d5ccdf55 Mon Sep 17 00:00:00 2001 From: Henry Andrews Date: Wed, 21 Sep 2022 20:06:42 -0700 Subject: [PATCH 2/3] Fix duplicated word Co-authored-by: Jason Desrosiers --- jsonschema-validation.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jsonschema-validation.xml b/jsonschema-validation.xml index a95905b0..119198f7 100644 --- a/jsonschema-validation.xml +++ b/jsonschema-validation.xml @@ -950,7 +950,7 @@ If the instance value is a string, this property defines that the string - SHOULD be interpreted as encoded binary data and, and applications wishing + SHOULD be interpreted as encoded binary data and applications wishing to decode it SHOULD do so using the encoding named by this property. From e7d36b22c060285ee2ae36c315435a44a30582dd Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Mon, 26 Sep 2022 15:34:10 -0700 Subject: [PATCH 3/3] Remove confusing parenthetical aside based on review feedback. --- jsonschema-validation.xml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/jsonschema-validation.xml b/jsonschema-validation.xml index 119198f7..25cab621 100644 --- a/jsonschema-validation.xml +++ b/jsonschema-validation.xml 
@@ -937,8 +937,7 @@ Due to security and performance concerns, as well as the open-ended nature of possible content types, implementations MUST NOT automatically decode, parse, and/or validate the string contents. Applications are expected to use these - annotations to invoke the appropriate libraries (including JSON Schema for - any further schema-based validation) separately. + annotations to invoke the appropriate libraries separately. All keywords in this section apply only to strings, and have no
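Review bot: In [PATCH 1/3], hunk @@ -936,42 +936,22 @@, the "See also the Security Considerations sections ..." pointer is deleted together with the MAY paragraph, although the surviving sentence still justifies the MUST NOT by "security and performance concerns" and now leaves decoding and parsing to applications. Those applications are the readers who need the pointer, so consider keeping it, reworded to address applications that process the string contents based on these annotations. The diffstat shows only this region and the one at line 1023 changing, so the Security Considerations section itself is untouched. Please check that it does not still describe implementations processing content automatically, which would conflict with the now unconditional MUST NOT.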
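Review bot: In [PATCH 1/3], hunk @@ -1023,7 +1003,8 @@, the added sentence "Specifying such mappings is outside of the scope of this specification." says what the specification does not do but not who defines the mapping. Since the keyword "MAY be used with any media type that can be mapped into JSON Schema's data model", two applications can map the same media type differently and reach different results against the same schema. Suggest naming the responsible party, consistent with the earlier hunk's "Applications are expected to use these annotations". Minor wording: "outside of the scope" can be "outside the scope".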
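Review bot: In [PATCH 2/3], hunk @@ -950,7 +950,7 @@, dropping the duplicated "and" still leaves two SHOULD clauses joined without a comma, and the first one, "SHOULD be interpreted as encoded binary data", has no stated actor. Next to the MUST NOT on automatic decoding introduced in [PATCH 1/3], a passive "SHOULD be interpreted" can be read as a requirement on implementations. Suggest making the first clause descriptive and keeping the normative word only on the application, along the lines of "this property indicates that the string is encoded binary data, and applications wishing to decode it SHOULD do so using the encoding named by this property".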
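Review bot: In [PATCH 3/3], hunk @@ -937,8 +937,7 @@, once the parenthetical is removed the sentence ends with "invoke the appropriate libraries separately" and "separately" has nothing left to refer to. The paragraph deleted in [PATCH 1/3] spelled this out as "separately from the enclosing document". Suggest restoring that anchor, for example "separately from the evaluation of the containing document", so it stays clear that results for embedded content are not part of the enclosing instance's validation result.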