javascript - Handling bad JSON.parse() in node safely -

-

using node/express - want json out of request headers, want safely.
if reason it's not valid json, it's fine, can return false or whatever , reject request , keep going. problem throws syntax error if it's not valid json. want syntax error blow up, not in case.

var boom = json.parse(req.headers.myheader);

do scrape stack , check bad parse call particular module, , if it's case, ignores it? seems bit crazy. surely there's better way.

edit: aware try/catch blocks a way of handling error, best way in node app? way block node?

the best way catch invalid json parsing errors put calls json.parse() try/catch block.

you not have other option - built-in implementation throws exception on invalid json data , way prevent exception halting application catch it. using 3rd party library not avoid - must try/catch on json.parse() call somewhere.

the alternative implement own json parsing algorithm more forgiving on invalid data structures, feels digging 1 cubic metre hole small nuke.

note performance

the v8 javascript engine used node.js cannot optimise functions contain try/catch block.

update: v8 4.5 , above can optimise try/catch. older releases, see below.

a simple workaround put safe-parsing logic separate function main function can still optimised:

function safelyparsejson (json) {   // function cannot optimised, it's best   // keep small!   var parsed    try {     parsed = json.parse(json)   } catch (e) {     // oh well, whatever...   }    return parsed // undefined! }  function doalotofstuff () {   // ... stuff stuff stuff   var json = safelyparsejson(data)   // tadaa, got rid of optimisation killer! }

if json parsing done sporadically, might not have noticeable effect on performance, if used improperly in usage-heavy function lead dramatic increase in response times.

note try/catch being blocking

it should noted every.single.statement of javascript code in node.js executed one-at-a-time, no matter if it's called main function or callback or different module or whatever. such, every single statement will block process. not bad thing - designed application spend of time waiting external resource (database response, http communication, filesystem operations etc.). therefore of great importance executed javascript code can optimised v8 engine takes little time possible in blocked state - see note performance.


Comments

Post a Comment

Popular posts from this blog

c++ - No viable overloaded operator for references a map -

-
i trying use map can make tag names reference number. when try , use it, in code error (6 in total every time reference map): src/main.cpp:25:45: error: no viable overloaded operator[] type 'std::map<std::string, std::string>' const char* idcs = node.child_value(tagmap[3]); this code: #include "pugi/pugixml.hpp" #include <iostream> #include <string> #include <map> int main() { pugi::xml_document doca, docb; std::map<std::string, pugi::xml_node> mapa, mapb; std::map<std::string, std::string> tagmap {{"1", "data"}, {"2", "entry"}, {"3", "id"}, {"4", "content"}}; if (!doca.load_file("a.xml") || !docb.load_file("b.xml")) { std::cout << "can't find input files"; return 1; } (auto& node: doca.child(tagmap[1]).children(tagmap[2])) { co
Read more

java - Custom OutputStreamAppender not run: LOGBACK: No context given for <MYAPPENDER> -

-
i wish write custom appender on basis of outputstreamappender . wrote following class package tests; import java.io.ioexception; import java.io.outputstream; import ch.qos.logback.core.outputstreamappender; public class myappender<e> extends outputstreamappender<e> { public myappender() { system.out.println("myappender created"); setoutputstream(new outputstream() { @override public void write(int b) throws ioexception { throw new unsupportedoperationexception(); } }); } } then wrote following runner: package tests; import org.slf4j.loggerfactory; import ch.qos.logback.classic.logger; public class runner { private static final logger log = (logger) loggerfactory.getlogger(runner.class); public static void main(string[] args) { //log.addappender(new myappender<iloggingevent>()); log.info("hello world"); } } finall
Read more

java - Cannot secure connection using TLS -

-
i'm trying establish secure socket connection between java client applet (built jdk 1.7.0_75-b13) , vc++ server application. as test vehicle, used vc++ client/server sample found in msdn forums, modified use schannel , able establish socket using cipher suite tls_rsa_with_aes_128_cbc_sha. works of tls 1.0/1.1/1.2. when try opening socket java applet same server application, connection rejected server reporting following: tls 1.0 acceptsecuritycontext failed: 0x80090327 tls 1.1 acceptsecuritycontext failed: 0x80090331 tls 1.2 acceptsecuritycontext failed: 0x80090331 this java code used create socket: debugprint("setting secure connection"); sslsocketfactory sslsocketfactory = (sslsocketfactory) sslsocketfactory.getdefault(); sslsocket sslsocket = (sslsocket) sslsocketfactory.createsocket("127.0.0.1", socketnumber); debugprint("starting handshake"); sslsocket.settcpnodelay(true); sslsocket.setsolinger(false, 0); sslsocket.s
Read more