Comments (5)
ok. seems meaningful.
I have to bump major version for this incompatible change.
btw, I did not think of having format applied to non-strings.
currently the library does not support that. this will also break compatibility.
from jsonschema.
see section 7.2
if you just want to disable for uuid, do:
formats.Register("uuid", func(string) bool { return true })
you can't just disable all unknown formats. this was intentional for security reasons.
you must know what formats you are using in your jsonschemas.
if you are not interested in implementing validation for them, as shown above, accept any string as valid.
from jsonschema.
BTW: in RFCs the word "SHOULD" means "RECOMMENDED"
from jsonschema.
@santhosh-tekuri I think you can and should ignore all unknown formats. There is no security issue.
https://json-schema.org/latest/json-schema-validation.html#rfc.section.3.2
The "format", "contentType", and "contentEncoding" keywords can also be implemented as assertions, although that functionality is an optional part of this specification, and the keywords convey additional non-assertion information.
I read that as schema author can add whatever makes sense in his domain to `format` value that may have no validation effect. Since it should not affect validation, why should schema author put an effort into enumerating all formats to set up validator?
https://json-schema.org/latest/json-schema-validation.html#rfc.section.7.1
A format attribute can generally only validate a given set of instance types. If the type of the instance to validate is not in this set, validation for this format attribute and instance SHOULD succeed.
I read this as unknown format has 0 types of instance to be applied to in validator, therefore validation SHOULD succeed.
https://json-schema.org/latest/json-schema-validation.html#rfc.section.7.2
Save for agreement between parties, schema authors SHALL NOT expect a peer implementation to support this keyword and/or custom format attributes.
This statement addresses potential security issue, author should not expect secure validation unless he explicitly sets up the validator for custom format.
If you still have any doubts, please proceed to json-schema-org/json-schema-spec#732.
from jsonschema.
@santhosh-tekuri as a side note, `format` may be asserted for non-string value too, e.g. you may want `{"type":"integer", "format":"thousands-and-one"}` with valid value of `9001`. JSON schema does permit it.
from jsonschema.
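The two policies argued over in this thread, side by side, as an added Go example (not code from the jsonschema library or from any commenter): a strict registry fails closed on an unregistered format name, a lenient one treats it as annotation only, and every check passes values of a type it does not apply to. `Registry`, `Defaults`, `Validate` and `ErrUnknownFormat` are hypothetical names, and the meaning given to `thousands-and-one` is an assumption.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
)

var ErrUnknownFormat = errors.New("unknown format")
var uuidRe = regexp.MustCompile(`^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$`)

// Registry is a hypothetical format table; Strict selects the unknown-format policy.
type Registry struct {
	Strict  bool
	Formats map[string]func(v interface{}) bool
}

// Defaults: each check passes values of a type it does not apply to (section 7.1).
func Defaults() map[string]func(v interface{}) bool {
	return map[string]func(v interface{}) bool{
		"uuid": func(v interface{}) bool {
			s, isString := v.(string)
			return !isString || uuidRe.MatchString(s)
		},
		// Assumed meaning of the thread's made-up format: integer n, n mod 1000 == 1.
		"thousands-and-one": func(v interface{}) bool {
			n, isNumber := v.(float64) // encoding/json decodes numbers as float64
			return !isNumber || (n == float64(int64(n)) && int64(n)%1000 == 1)
		},
	}
}

// Validate checks a decoded JSON value against the named format.
func (r Registry) Validate(name string, v interface{}) (bool, error) {
	check, known := r.Formats[name]
	switch {
	case known:
		return check(v), nil
	case r.Strict:
		return false, fmt.Errorf("%w: %q", ErrUnknownFormat, name) // fail closed
	}
	return true, nil // lenient: the keyword is treated as an annotation only
}

func main() {
	for _, strict := range []bool{true, false} {
		ok, err := Registry{strict, Defaults()}.Validate("my-domain-id", "abc") // constructed input
		fmt.Println("strict:", strict, "valid:", ok, "err:", err)
	}
}
```

In strict mode the unknown name surfaces as an error the caller has to handle, which is distinct from a validation failure of the instance itself.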