All Topics
All Topics
Technology
Technology
Design
Design
Programming
Programming
Science
Science
News
News
Gaming
Gaming
Entertainment
Entertainment
Business
Business
Finance
Finance
Sports
Sports
Health
Health
Food
Food
Travel
Travel
Art
Art
Music
Music
Books
Books
Education
Education
Politics
Politics
Personal
Personal
No algorithm. No AI slop. No ads. Just RSS. Pro-human. Indie writers. Real journalism. Open web. Chronological. Hand toasted.

Debunking the Myth: JSON Is Not a Subset of YAML

By

AndrewDucker

10mo ago· 2 min readenInsight
Bagel score 65 of 100
65/100
Toasty
Bagelometer

A good honest bake. Not flashy, but you'll finish the whole bagel.

Score65TypeanalysisSentimentneutral

Summary

The article debunks the common misconception that JSON is a subset of YAML, highlighting the risks of parsing JSON with a YAML parser. It explains that JSON documents can fail to parse as YAML or produce semantically different results, with the latter being more dangerous due to its subtlety. Examples include unquoted string scalars in YAML causing misinterpretations.

Key quotes

· 3 pulled
Following this advice will end badly because JSON is not a subset of YAML.
It is easy to construct JSON documents that (1) fail to parse as YAML, or (2) parse to valid but semantically different YAML.
YAML (infamously) allows string scalars to be unquoted.
Snippet from the RSS feed
People on the internet believe that JSON is a subset of YAML, and that it's safe to parse JSON using a YAML parser:

You might also wanna read

Project Glasswing: AI-assisted vulnerability detection finds over 10,000 critical software flaws

Project Glasswing is a collaborative effort launched to secure critical software against potential threats from increasingly capable AI mode

anthropic.com·58m ago

Project Glasswing: AI-assisted vulnerability detection finds over 10,000 critical software flaws

Project Glasswing is a collaborative effort launched to secure critical software against potential threats from increasingly capable AI mode

anthropic.com·58m ago

Kefir C compiler development moves to private mode indefinitely

The developer of the Kefir C compiler announces the cessation of public development, transitioning the project to private mode indefinitely.

kefir.protopopov.lv·2h ago

NVIDIA releases open-source physical AI tools for robotics and autonomous vehicle development

NVIDIA has released a set of open-source "physical AI" skills and tools as part of the NVIDIA Agent Toolkit, designed to simplify robotics,

helpnetsecurity.com·2h ago

North Korean Group Famous Chollima Compromises Packagist Package to Target PHP Developers

A cybersecurity threat report detailing how the threat actor group "Famous Chollima" (linked to North Korea) targeted PHP developers by comp

hendryadrian.com·2h ago

CentOS Stream vs AlmaLinux vs Rocky Linux vs Oracle Linux: A VPS Hosting Comparison

This article compares four Linux distributions—CentOS Stream, AlmaLinux, Rocky Linux, and Oracle Linux—as alternatives for VPS hosting follo

blog.radwebhosting.com·2h ago