←back to thread

JSON Patch

(zuplo.com)
299 points DataOverload | 1 comments | 17 Oct 24 17:46 UTC | HN request time: 0.193s | source
Show context
amenod ◴[18 Oct 24 17:15 UTC] No.41881449[source]
So how do you validate the data? You can apply all the changes to existing record and validate the result, but then you need to put everything in memory. Verifying the operations however sounds dangerous... Any pointers?

Also, if someone is using this in production: any gotchas?

replies(2): >>41881609 #>>41881740 #
1. numbsafari ◴[18 Oct 24 17:30 UTC] No.41881609[source]
The approach I've generally seen used is that you have a set of validation that you apply to the JSON and apply that to the results of the patch operation.

You probably want to have some constraints on the kinds of patch objects you apply to avoid simple attacks (e.g. a really large patch, or overly complex patches). But you can probably come up with a set of rules to apply generally to the patch without trying to validate that the patch value for the address meets some business logic. Just do that at the end.