Re: [PATCH] oauth: Prevent stack overflow by limiting JSON parse depth

2025-05-08 Thread Jacob Champion
On Thu, May 8, 2025 at 5:22 AM Aleksander Alekseev wrote:
> Thanks for the patch. It looks good to me. It's well documented and
> covered with tests. I can confirm that the tests pass. Also they fail
> if I decrease the $nesting_limit value to 15.

Thanks for the review!

--Jacob

Re: [PATCH] oauth: Prevent stack overflow by limiting JSON parse depth

2025-05-08 Thread Aleksander Alekseev
Hi Jacob,

> I forgot to put a recursion limit in the new OAuth parsers; the
> server-side depth checks don't apply to the client, and it's not using
> the incremental parser to move the burden from the stack to the heap.
> Luckily, we track the nesting level already, so a fix (attached) can
> be p

[PATCH] oauth: Prevent stack overflow by limiting JSON parse depth

2025-05-07 Thread Jacob Champion
Hi all,

I forgot to put a recursion limit in the new OAuth parsers; the server-side depth checks don't apply to the client, and it's not using the incremental parser to move the burden from the stack to the heap. Luckily, we track the nesting level already, so a fix (attached) can be pretty small.
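
The kind of check the message above describes, as an added example that is not part of the thread or of the PostgreSQL patch: a recursive-descent parser that already tracks its nesting level and refuses input once that level passes a limit, so stack use is bounded regardless of input size. The names (check_json, parse_value, MAX_NESTING) and the limit of 16 are hypothetical, and the grammar is a simplified JSON subset.

```c
#include <ctype.h>
#include <string.h>
#define MAX_NESTING 16   /* hypothetical limit chosen for this example */
enum parse_result { PARSE_OK, PARSE_INVALID, PARSE_TOO_DEEP };
struct parser { const char *p; int nesting; };
static void skip_ws(struct parser *ps) { while (isspace((unsigned char) *ps->p)) ps->p++; }

/* Recursive descent over a simplified JSON grammar (scalars and escapes are loose). */
static enum parse_result parse_value(struct parser *ps)
{
    enum parse_result r;
    skip_ws(ps);
    if (*ps->p == '[' || *ps->p == '{') {
        char close = (*ps->p == '[') ? ']' : '}';
        /* One frame per open container: reject before recursing any deeper. */
        if (++ps->nesting > MAX_NESTING) return PARSE_TOO_DEEP;
        ps->p++;
        skip_ws(ps);
        if (*ps->p == close) { ps->p++; ps->nesting--; return PARSE_OK; }
        for (;;) {
            if (close == '}') {          /* object member: "key" ':' value */
                skip_ws(ps);
                if (*ps->p != '"' || parse_value(ps) != PARSE_OK) return PARSE_INVALID;
                skip_ws(ps);
                if (*ps->p++ != ':') return PARSE_INVALID;
            }
            if ((r = parse_value(ps)) != PARSE_OK) return r;
            skip_ws(ps);
            if (*ps->p == ',') { ps->p++; continue; }
            if (*ps->p++ != close) return PARSE_INVALID;
            ps->nesting--;               /* container closed: level goes back down */
            return PARSE_OK;
        }
    }
    if (*ps->p == '"') {                 /* string; escape handling simplified */
        for (ps->p++; *ps->p && *ps->p != '"'; ps->p++)
            if (*ps->p == '\\' && ps->p[1]) ps->p++;
        return (*ps->p++ == '"') ? PARSE_OK : PARSE_INVALID;
    }
    size_t n = strspn(ps->p, "0123456789+-.eEtrufalsn");   /* loose scalar match */
    ps->p += n;
    return n ? PARSE_OK : PARSE_INVALID;
}

enum parse_result check_json(const char *s)
{
    struct parser ps = { s, 0 };
    enum parse_result r = parse_value(&ps);
    if (r != PARSE_OK) return r;         /* includes PARSE_TOO_DEEP */
    skip_ws(&ps);
    return *ps.p == '\0' ? PARSE_OK : PARSE_INVALID;
}
```

Returning a distinct PARSE_TOO_DEEP code lets the caller report the rejection separately from a syntax error.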