Is JSON validation a best practice?

Is it a best practice to validate JSON?

With both a JSON schema proposal and a JavaScript implementation of a JSON Schema validator, this practice would seem relatively frictionless to implement. So, is it a no-brainer that should be part of any robust application? Or do you employ other preferred strategies to handle bad JSON?

Answers


On the server, validation of data coming from outside is a must.

In the browser, it is redundant from a security POV, if you can vouch that the JSON is generated by server code you control and that any data it depends on has been validated on the server. Even so it can still be useful for debugging.


My 2c on this is that:

(a) Yes, obviously incoming data should be validated, but

(b) The best place to do this is NOT with Json data as is, but with actual business logic objects, iff data binding is used. JSON validation makes only sense if you handle "raw" JSON, but most services (at least in Java) use data binding first and then operate on biz logic objects, not on data format (which often is almost an implementation detail)


Need Your Help

Play video in swing (VLCJ without VLC)

java swing dll vlcj

How can I play a video in swing with the library vlcj without having vlc installed?

Why is Dispose being called twice when using this unit of work?

c# repository-pattern entity-framework-6 unit-of-work

Using this generic repository and unit of work framework with EF6, whenever I complete a unit of work operation, the Dispose method in my controller is called twice. Why is this? I would expect...