search

planetis-m / eminim

JSON serialization framework for Nim, works from a Stream directly to any type and back. Depends only on stdlib.
Other
37 stars 6 forks source link

Rebrand as marshal replacement #10

Open planetis-m opened 3 years ago

planetis-m commented 3 years ago

Well on my defense I started implementing eminim as a marshal replacement. It was later called a JSON serialization library because "marshal replacement" seemed to restrictive/unknown. Add more warnings about the limitations of direct serializers and also a reference to https://einarwh.wordpress.com/2020/05/08/on-the-complexity-of-json-serialization/

planetis-m commented 3 years ago

https://labs.bishopfox.com/tech-blog/an-exploration-of-json-interoperability-vulnerabilities

planetis-m commented 3 years ago

Counter solution. Explain to people that they need to use serializers that preserve keys order. Luckily there is this article. In std/json that's the default.