Make ReadJSON secure by default

nhooyr · nhooyr · commit 5a883df45d23 · 2019-04-09T09:45:58.000-05:00
diff --git a/json.go b/json.go
@@ -19,6 +19,9 @@ func ReadJSON(ctx context.Context, c *Conn, v interface{}) error {
 		return xerrors.Errorf("unexpected frame type for json (expected TextFrame): %v", typ)
 	}
 
+	r.Limit(131072)
+	r.SetContext(ctx)
+
 	d := json.NewDecoder(r)
 	err = d.Decode(v)
 	if err != nil {
@@ -31,11 +34,13 @@ func ReadJSON(ctx context.Context, c *Conn, v interface{}) error {
 func WriteJSON(ctx context.Context, c *Conn, v interface{}) error {
 	w := c.MessageWriter(websocket.TextFrame)
 	w.SetContext(ctx)
+
 	e := json.NewEncoder(w)
 	err := e.Encode(v)
 	if err != nil {
 		return xerrors.Errorf("failed to write json: %v", err)
 	}
+
 	err = w.Close()
 	if err != nil {
 		return xerrors.Errorf("failed to write json: %v", err)
