--- JSON-XS/XS.pm 2008/03/30 09:27:16 1.100 +++ JSON-XS/XS.pm 2008/04/05 18:15:46 1.101 @@ -630,9 +630,9 @@ =item $max_depth = $json->get_max_depth Sets the maximum nesting level (default C<512>) accepted while encoding -or decoding. If the JSON text or Perl data structure has an equal or -higher nesting level then this limit, then the encoder and decoder will -stop and croak at that point. +or decoding. If a higher nesting level is detected in JSON text or a Perl +data structure, then the encoder and decoder will stop and croak at that +point. Nesting level is defined by number of hash- or arrayrefs that the encoder needs to traverse to reach a given point or the number of C<{> or C<[> @@ -642,9 +642,12 @@ Setting the maximum depth to one disallows any nesting, so that ensures that the object is only a single hash/object or array. -The argument to C will be rounded up to the next highest power -of two. If no argument is given, the highest possible setting will be -used, which is rarely useful. +If no argument is given, the highest possible setting will be used, which +is rarely useful. + +Note that nesting is implemented by recursion in C. The default value has +been chosen to be as large as typical operating systems allow without +crashing. See SECURITY CONSIDERATIONS, below, for more info on why this is useful. @@ -654,13 +657,12 @@ Set the maximum length a JSON text may have (in bytes) where decoding is being attempted. The default is C<0>, meaning no limit. When C -is called on a string longer then this number of characters it will not +is called on a string that is longer then this many bytes, it will not attempt to decode the string but throw an exception. This setting has no effect on C (yet). -The argument to C will be rounded up to the next B -power of two (so may be more than requested). If no argument is given, the -limit check will be deactivated (same as when C<0> is specified). +If no argument is given, the limit check will be deactivated (same as when +C<0> is specified). See SECURITY CONSIDERATIONS, below, for more info on why this is useful.