Andrew, thanks for the background.
Also, IIRC, it doesn’t do any post-check; it assumes calling str on any Decimal value (after an isfinite check if not allow_nan) produces valid JSON. I think there are unit tests meant to establish that fact, but you’d need to copy those into the stdlib test suite and make the case that their coverage is sufficient,
That seems like the way to go -- if it;s in the stdlib, than any changes to Decimal that breaks it would fail the test. So no harm in relying on Decimal's __str__.
But, of course, comprehensive test coverage is hard/impossible.
or make some other argument that it’s guaranteed to be safe, or ignore str and write a _decimal_str similar to the existing _float_str,
I'm not sure there is any advantage to that -- it would still require the same comprehensive tests -- unless, of course Decimal's __str__ does work for all cases. Or if there is a reason to use a different legal representation than Decimal uses.
or find a way to validate it that isn’t too slow.
Almost by definition validation is going to be slower -- probably on order of twice as slow. Validation is a good idea if you are not controlling the input, but theoretically a waste of time if you are.
- CHB