tags:

views:

2645

answers:

3
+4  Q: 

Is JSON validation a best practice?

Is it a best practice to validate JSON?

With both a JSON schema proposal and a JavaScript implementation of a JSON Schema validator, this practice would seem relatively frictionless to implement. So, is it a no-brainer that should be part of any robust application? Or do you employ other preferred strategies to handle bad JSON?

+2  A: 

On the server, validation of data coming from outside is a must.

In the browser, it is redundant from a security POV, if you can vouch that the JSON is generated by server code you control and that any data it depends on has been validated on the server. Even so it can still be useful for debugging.

moonshadow  2008-11-21 16:09:55
How are you validating on the server side?I'm kicking my JSON out from PL/SQL, sending it back to a receiving DOJO component. I could see by the JSON references above how to do the validation on the client side...but the server side isn't as clear.
happyappa  2008-11-21 16:13:59
I mean validate on the server data received from the outside world. If you're bothering to marshall it as JSON in that direction. I'm thinking here of security; for debugging data flowing the other way, validation in the client is good enough.Unhelpfully, I roll my own validation code, I'm afraid.
moonshadow  2008-11-21 16:25:08
A: 

My 2c on this is that:

(a) Yes, obviously incoming data should be validated, but

(b) The best place to do this is NOT with Json data as is, but with actual business logic objects, iff data binding is used. JSON validation makes only sense if you handle "raw" JSON, but most services (at least in Java) use data binding first and then operate on biz logic objects, not on data format (which often is almost an implementation detail)

StaxMan  2009-10-21 06:43:53
A: 

I would recommend inclusion of json validation as part of a service perimeter solution. This pattern is described at http://bit.ly/5sSzen

Francois Lascelles  2010-01-28 18:52:08

related questions

Would you override ScriptControl or BaseValidator for an async ASP.NET validator control?
Handling HttpRequestValidationException gracefully and ASP.net AJAX compatible?
How to Dynamically Generate String Validation?
Validate email address in Javascript?
Data Validation Design Patterns
Strong Validation in WPF
How to evaluate an IP?
Validating a HUGE XML file
Validate (X)HTML in Python
ValidationRule To Enforce Unique Name
Checking if userinput is a valid URI in XUL
XML Parser Validation Report
Email SMTP validator
MVC - where to implement form validation (server-side)?
How do you remove invalid hexadecimal characters from an XML-based data source prior to constructing an XmlReader or XPathDocument that uses the data?
How to check set of files conform to a naming scheme
What's the best way to implement field validation using ASP.NET MVC?
How do I validate xml against a DTD file in Python
What's the best way to validate an XML file against an XSD file?
Problem databinding an ASP.Net AJAX toolkit MaskedEditExtender
Validating posted form data in the ASP.NET MVC framework
Best method for varchar date validation in Sybase (T-SQL)?
How important is W3C XHTML/CSS validation when finalizing work?
How far should one take e-mail address validation?
ASP .Net Custom Client-Side Validation