There is a valid security concern to read configuration as EDN:
what if someone injects bad EDN that would steal all the money?
While in most cases it won't be a problem, in some cases, for example where apps `eval` pieces of configuration, it could be risky to "leave the door open".
Add an optional `:strings-only` restriction, which would read everything as strings, while still enjoying the hierarchy of EDN.
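
One way the requested behaviour could look, as an added example that is not code from this issue or from the project: the config is parsed with the data-only `clojure.edn` reader and every leaf value is then turned into a string, keeping the map hierarchy. The namespace, the function names `leaves->strings` and `read-strings-only`, and the sample config are assumptions made for illustration; `:strings-only` itself exists only as the proposal above.

```clojure
(ns example.strings-only
  (:require [clojure.edn :as edn]))

(defn leaves->strings
  "Walk parsed EDN and turn every leaf value into a string.
  Maps, vectors, lists and sets keep their shape (lists come back as vectors);
  map keys are left untouched so keyword lookups keep working."
  [x]
  (cond
    (map? x)        (into {} (map (fn [[k v]] [k (leaves->strings v)])) x)
    (set? x)        (into #{} (map leaves->strings) x)
    (sequential? x) (mapv leaves->strings x)
    (string? x)     x
    ;; numbers, keywords, symbols, booleans, nil: printed form as a string
    :else           (pr-str x)))

(defn read-strings-only
  "Read an EDN string as data only, then stringify the leaves.
  clojure.edn/read-string does not evaluate code. Unknown tagged literals
  are not dispatched to any reader function; the :default handler below
  renders them back to text instead."
  [s]
  (leaves->strings
    (edn/read-string
      {:default (fn [tag value] (str "#" tag " " (pr-str value)))}
      s)))

;; Constructed sample config (hypothetical keys and values).
(def sample
  "{:datomic {:url \"datomic:mem://demo\"}
    :port    8080
    :retry?  true
    :hook    (println \"side effect\")
    :cmd     #shell \"echo hi\"
    :roles   #{:admin :ops}}")

(comment
  ;; Every leaf under the same keys is now a plain string, so an app that
  ;; later evals a config value has to parse it explicitly first.
  (read-strings-only sample)
  (get-in (read-strings-only sample) [:datomic :url]))
```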