I have a case where I'm reading a Clojure data structure serialized to
edn, but I don't have complete trust in the source.

Clearly I want to avoid clojure.core/read-string.  The
cheatsheet at https://clojure.org/api/cheatsheet hints that
clojure.tools.reader.edn/read-string is a good choice, but I also see
clojure.edn/read-string.

Are both of these edn readers considered equally safe on untrusted
input?  What tradeoffs are there for one versus the other?

Thanks,
Aaron
