Diffstat (limited to 'Doc/library/json.rst')
-rw-r--r-- | Doc/library/json.rst | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/Doc/library/json.rst b/Doc/library/json.rst index 4dbc543fc0..dc1799cf08 100644 --- a/Doc/library/json.rst +++ b/Doc/library/json.rst @@ -18,6 +18,11 @@ is a lightweight data interchange format inspired by `JavaScript <https://en.wikipedia.org/wiki/JavaScript>`_ object literal syntax (although it is not a strict subset of JavaScript [#rfc-errata]_ ). +.. warning:: + Be cautious when parsing JSON data from untrusted sources. A malicious + JSON string may cause the decoder to consume considerable CPU and memory + resources. Limiting the size of data to be parsed is recommended. + :mod:`json` exposes an API familiar to users of the standard library :mod:`marshal` and :mod:`pickle` modules. @@ -248,6 +253,12 @@ Basic Usage be used to use another datatype or parser for JSON integers (e.g. :class:`float`). + .. versionchanged:: 3.10.7 + The default *parse_int* of :func:`int` now limits the maximum length of + the integer string via the interpreter's :ref:`integer string + conversion length limitation <int_max_str_digits>` to help avoid denial + of service attacks. + *parse_constant*, if specified, will be called with one of the following strings: ``'-Infinity'``, ``'Infinity'``, ``'NaN'``. This can be used to raise an exception if invalid JSON numbers |
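Review bot: In the first hunk (@@ -18,6 +18,11 @@), the warning's last sentence, "Limiting the size of data to be parsed is recommended", does not say where the limit belongs or which inputs are expensive. Suggest stating that the caller must bound the input length before handing it to the decoder, and adding a cross-reference to the ``int_max_str_digits`` section that the second hunk already links. That way a reader who lands on the module introduction can find the one concrete mitigation this patch documents.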
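Review bot: In the second hunk (@@ -248,6 +253,12 @@), the ``versionchanged`` note covers only "the default *parse_int* of :func:`int`", while the paragraph just above it invites callers to pass another parser (e.g. :class:`float`). The note should say explicitly that a caller-supplied *parse_int* is not covered by the limit. It also does not say what the caller observes when an integer string exceeds the limit. Suggest naming the exception raised so that code decoding untrusted JSON can handle it deliberately instead of discovering it in production.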