by amiga386 465 days ago
> Sending a deeply nested JSON object as part of a request to some API should not crash the server that handles the request.

But the API should have limits. For example, respond 413 Payload Too Large if the request is beyond any normal size for that API. Document the limits to API users. You now have an upper bound of how much nesting can be in the user input.

1 comments

I agree. I use the word dangerous to mean there are risks that need to be considered, not that recursion should never be used under any circumstances.

In the general case though, recursion can be tricky to think through, the stack is small, and malicious inputs can be very creative.
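
Added example, not written by either commenter: one way to enforce the limits discussed in this thread, with a body-size cap answered by 413 and a nesting cap checked by a non-recursive scan before the parser runs. `MAX_BODY_BYTES`, `MAX_DEPTH`, `nesting_depth`, `handle_body`, the limit values, and the choice of 400 for over-deep input are assumptions for illustration; the body is assumed to be UTF-8.

```python
import json

MAX_BODY_BYTES = 64 * 1024  # assumed documented size limit for this API
MAX_DEPTH = 32              # assumed documented nesting limit


def nesting_depth(raw: bytes) -> int:
    """Return the deepest [ / { nesting in raw, using a loop, not recursion.

    Brackets inside JSON strings are ignored. The bytes tested here are
    ASCII, so they never occur inside a multi-byte UTF-8 sequence.
    """
    depth = deepest = 0
    in_string = escaped = False
    for b in raw:
        if in_string:
            if escaped:
                escaped = False
            elif b == 0x5C:        # backslash starts an escape
                escaped = True
            elif b == 0x22:        # closing quote
                in_string = False
        elif b == 0x22:            # opening quote
            in_string = True
        elif b in (0x5B, 0x7B):    # [ or {
            depth += 1
            deepest = max(deepest, depth)
        elif b in (0x5D, 0x7D):    # ] or }
            depth -= 1
    return deepest


def handle_body(raw: bytes):
    """Return (status, parsed) for a request body; parsed is None on reject."""
    if len(raw) > MAX_BODY_BYTES:
        return 413, None           # Payload Too Large
    if nesting_depth(raw) > MAX_DEPTH:
        return 400, None           # within the size cap, but nested too deeply
    try:
        return 200, json.loads(raw)
    except (ValueError, RecursionError):
        return 400, None           # malformed JSON, or parser stack exhausted
```

A 64 KiB cap on its own still admits tens of thousands of nesting levels, so the depth check runs even on bodies that pass the size check.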