As the title says:
What kind of sanitization would I need to do to a user-inputted JSON string?
Context:
I am helping someone make a game with FNF features. The module I am developing allows users to input their own chart.json to map when and what notes appear on screen. This feature also allows users to list a URL for the server to grab a custom chart.json from their favorite FNF (or FNF mods) songs.
What do I have to check for to make sure users do not misuse this feature or break it? I understand pcall() is probably going to be my best friend here.
Also, examples of the chart.json file formats may be found: Here And Here
local http = game:GetService("HttpService")
local function validateJSON(jsonString)
local success, _ = pcall(function()
return http:JSONEncode(jsonString)
end)
if success then
return true
else
return false
end
end
This is just a simple example script to start you off. You can essentially turn Roblox’s “JSONEncode” instance method into a wrapper which determines whether or not a string can be converted into a JSON format.
I figured it would be something like that, but just to be clear, there is nothing a user could do to mess up anything when I call JSONDecode? As long as its wrapped in a pcall(), do I have anything to worry about?
Yes, “:JSONEncode()” will never return nil but as long as it doesn’t error it’ll return a valid JSON formatted string which can be later decoded via “:JSONDecode()”.