private val MOSHI =
    Moshi
      .Builder()
      .add(
        object : Any() {
          @ToJson fun byteStringToJson(byteString: ByteString) = byteString.hex()

          @FromJson fun byteStringFromJson(json: String) = json.decodeHex()
        },
      ).add(KotlinJsonAdapterFactory())
      .build()
  private val STORY_JSON_ADAPTER = MOSHI.adapter(Story::class.java)

  private val fileSystem = FileSystem.SYSTEM

# 嚴格的 Content-Type 檢查 { #strict-content-type-checking }

預設情況下，FastAPI 會對 JSON 請求主體使用嚴格的 `Content-Type` 標頭檢查。也就是說，JSON 請求必須包含有效的 `Content-Type` 標頭（例如 `application/json`），請求主體（body）才能被解析為 JSON。

## CSRF 風險 { #csrf-risk }

這個預設行為在某個非常特定的情境下，能對一類跨站請求偽造（CSRF, Cross-Site Request Forgery）攻擊提供保護。

這類攻擊利用了瀏覽器在以下情況下允許腳本發送請求而不進行任何 CORS 預檢（preflight）檢查的事實：

- 沒有 `Content-Type` 標頭（例如以 `fetch()` 並使用 `Blob` 作為 body）
- 且沒有送出任何身分驗證憑證

這種攻擊主要與以下情境相關：

// using some colors
func FmtError(introMsg string, err error, jsonFlag bool) string {
	renderedTxt := ""
	uiErr := ErrorToErr(err)
	// JSON print
	if jsonFlag {
		// Message text in json should be simple
		if uiErr.detail != "" {
			return uiErr.msg + ": " + uiErr.detail
		}
		return uiErr.msg
	}
	// Pretty print error message
	introMsg += ": "

    <ExpressionType>SQL</ExpressionType>
    <InputSerialization>
        <CompressionType>NONE</CompressionType>
        <JSON>
            <Type>DOCUMENT</Type>
        </JSON>
    </InputSerialization>
    <OutputSerialization>
        <JSON>
        </JSON>
    </OutputSerialization>
    <RequestProgress>
        <Enabled>FALSE</Enabled>
    </RequestProgress>
</SelectObjectContentRequest>`),

        String[] text = { "json", "test" };
        String[][] readings = { { "json" }, { "test" } };
        String[] tags = { "tag1" };

        SuggestItem item = new SuggestItem(text, readings, null, 0L, 10L, 1.0f, tags, null, null, SuggestItem.Kind.QUERY);

        String json = item.toJsonString();

        assertNotNull(json);
        assertTrue(json.contains("\"" + FieldNames.TEXT + "\":\"json test\""));

    response1 = attacker_client.get("/openapi.json")
    data1 = response1.json()
    assert any(s.get("url") == "/evil-api" for s in data1.get("servers", []))

    # Subsequent legitimate request with no root_path
    clean_client = TestClient(app)
    response2 = clean_client.get("/openapi.json")
    data2 = response2.json()
    servers = [s.get("url") for s in data2.get("servers", [])]

 * governing permissions and limitations under the License.
 */
package org.codelibs.core.text;

/**
 * JSON utilities.
 *
 * @author shinsuke
 *
 */
public class JsonUtil {

    /**
     * Defualt constructor.
     */
    protected JsonUtil() {
    }

    /**
     * Escapes a value as Json string.
     *
     * @param value input
     * @return escaped string.
     */

func errObjectSerializationConflict(err error) *s3Error {
	return &s3Error{
		code:       "ObjectSerializationConflict",
		message:    "InputSerialization specifies more than one format (CSV, JSON, or Parquet), or OutputSerialization specifies more than one format (CSV or JSON). InputSerialization and OutputSerialization can only specify one format each.",
		statusCode: 400,
		cause:      err,
	}
}

func errInvalidExpressionType(err error) *s3Error {

// The result will be compared with the result obtained from json.unMarshal of the byte data.
func TestGetXLMetaV1Jsoniter1(t *testing.T) {
	xlMetaJSON := getXLMetaBytes(1)

	var unMarshalXLMeta xlMetaV1Object
	if err := json.Unmarshal(xlMetaJSON, &unMarshalXLMeta); err != nil {
		t.Errorf("Unmarshalling failed: %v", err)
	}

	var jsoniterXLMeta xlMetaV1Object
	json := jsoniter.ConfigCompatibleWithStandardLibrary

		h.pool.Put(hasher)
	}
	h.borrowed = nil
}

// StandardClaims are basically standard claims with "accessKey"
type StandardClaims struct {
	AccessKey string `json:"accessKey,omitempty"`
	jwtgo.StandardClaims
}

// UnmarshalJSON provides custom JSON unmarshal.
// This is mainly implemented for speed.
func (c *StandardClaims) UnmarshalJSON(b []byte) (err error) {