Put boundaries on lack of "$schema" behavior #1353

Merged
merged 1 commit into from
Dec 6, 2022
16 changes: 12 additions & 4 deletions jsonschema-core.xml
Expand Up @@ -1228,7 +1228,15 @@
The "$schema" keyword SHOULD be used in the document root schema object,
and MAY be used in the root schema objects of embedded schema resources.
It MUST NOT appear in non-resource root schema objects. If absent from
the document root schema, the resulting behavior is implementation-defined.
the document root schema, the resulting behavior is implementation-defined,
but MUST fall within the following options:
<ul>
<li>Refuse to process the schema, as with unsupported required
vocabularies</li>
<li>Assume a specific, documented meta-schema</li>
<li>Document the process by which it examines the schema and determines
which of a specific set of meta-schemas to assume</li>
</ul>
</t>
<t>
Values for this property are defined elsewhere in this and other documents,
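Review bot: The third list item is worded as a documentation duty ("Document the process by which it examines the schema and determines which of a specific set of meta-schemas to assume"), while the first two items name behaviors ("Refuse to process the schema", "Assume a specific, documented meta-schema"), so it does not read as one of the options that "the resulting behavior ... MUST fall within". Suggest phrasing it as a behavior, for example "Examine the schema to determine which of a specific set of meta-schemas to assume, following a documented process". Because this option lets the content of the schema select the meta-schema, and the security text later in this file says schemas are frequently written by untrusted third parties, a cross-reference from that section to this list would help implementers who choose the third option.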
Expand Down Expand Up @@ -3547,9 +3555,9 @@ https://example.com/schemas/common#/$defs/allOf/1
<t>
Instances and schemas are both frequently written by untrusted third parties, to be
deployed on public Internet servers.
Validators should take care that the parsing and validating against schemas does not consume excessive
system resources.
Validators MUST NOT fall into an infinite loop.
Implementations should take care that the parsing and evaluating against schemas
Member

Maybe lose "against"

Contributor Author

Phrases like "evaluating against"/"evaluated against"/etc. occur throughout the spec, and I was avoiding changing anything but validate->evaluate. I agree that the terminology is not great, but the need to choose better terminology and use it consistently is already being tracked as issue #922, so I'd rather not mess with it in this PR.

does not consume excessive system resources.
Implementations MUST NOT fall into an infinite loop.
</t>
<t>
A malicious party could cause an implementation to repeatedly collect a copy
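Review bot: In the added sentence "Implementations should take care that the parsing and evaluating against schemas does not consume excessive system resources", "should" is lowercase while the sentence that follows uses the requirement keyword "MUST NOT". If the resource-consumption guidance is meant as a normative recommendation, write "SHOULD"; if it is only advice, rephrase it (for example "need to take care") so readers do not have to guess whether the lowercase word carries requirement weight. The Validators to Implementations rename itself is consistent across both sentences.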