I am pretty sure that clojure.tools.reader.edn is a version of the Clojure reader specifically for the edn subset, hence the name of the namespace.
That said, no need to add a separate dependency on clojure.tools.reader if you would prefer to avoid it, and you are reading EDN inside Clojure on the JVM. Andy On Tue, Nov 28, 2017 at 1:14 PM, Alex Miller <[email protected]> wrote: > Presuming you're in Clojure, just use clojure.edn. clojure.edn is written > in Java and targets the edn subset of Clojure's syntax. Presuming you're > reading typical edn data, this is the best answer. > > clojure.tools.reader is a version of the Clojure reader (not the edn > subset) written in Clojure (the biggest user of this is ClojureScript). > > > On Tuesday, November 28, 2017 at 9:51:45 AM UTC-6, Aaron Cummings wrote: >> >> I have a case where I'm reading a Clojure data structure serialized to >> edn, but I don't have complete trust in the soure. >> >> Clearly I want to avoid clojure.core/read-string. The >> cheatsheet at https://clojure.org/api/cheatsheet hints that >> clojure.tools.reader.edn/read-string is a good choice, but I also see >> clojure.edn/read-string. >> >> Are both of these edn readers considered equally safe on untrusted >> input? What tradeoffs are there for one versus the other? >> >> Thanks, >> Aaron >> > -- > You received this message because you are subscribed to the Google > Groups "Clojure" group. > To post to this group, send email to [email protected] > Note that posts from new members are moderated - please be patient with > your first post. > To unsubscribe from this group, send email to > [email protected] > For more options, visit this group at > http://groups.google.com/group/clojure?hl=en > --- > You received this message because you are subscribed to the Google Groups > "Clojure" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Clojure" group. To post to this group, send email to [email protected] Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/clojure?hl=en --- You received this message because you are subscribed to the Google Groups "Clojure" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
