RE: [xml-dev] Maximally Consumable Data
- From: "Costello, Roger L." <costello@mitre.org>
- To: <xml-dev@lists.xml.org>
- Date: Mon, 7 Apr 2008 08:23:22 -0400
Hi Rob,
> But, you have to 'eval' it making a
> potential security threat.
In the book, Bulletproof Ajax, by Jeremy Keith, he says (p. 87):
"In order to extract the contents of a JSON object, it must be
evaluated. The eval function is powerful, and potentially dangerous.
If you're retrieving JSON data from a third party that isn't entirely
trustworthy, it could contain some malicious JavaScript code that will
be executed with eval. For this reason Douglas Crockford has written a
JSON parser that will parse only properties, ignoring any methods
(http://www.json.org/js.html)."
/Roger
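
The difference the quoted passage describes, as an added example that is not part of the original message or of the book: the same three strings are handed to `eval` and to a data-only parser. It assumes a runtime with the native `JSON.parse` (not mentioned in the message); the sample strings and function names are constructed for illustration.

```javascript
// Constructed sample responses (not from the original message).
const SAMPLES = {
  data: '{"user": "alice", "roles": ["reader"]}',
  // An expression smuggled into a value position: runs as soon as it is eval'd.
  code: '{"user": (function () { sideEffects.push("ran"); return "mallory"; })()}',
  // A method alongside the properties: valid JavaScript, not valid JSON.
  method: '{"user": "bob", "greet": function () { return "hi"; }}',
};

// Records whether any code carried in a response was executed.
const sideEffects = [];

// The pattern the passage warns about: the response is run as JavaScript.
function parseWithEval(text) {
  return eval('(' + text + ')');
}

// Data-only parsing: anything outside the JSON grammar is rejected, never run.
function parseStrict(text) {
  try {
    return { ok: true, value: JSON.parse(text) };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// True if a function is reachable anywhere inside the parsed value.
function containsFunction(value) {
  if (typeof value === 'function') return true;
  if (value !== null && typeof value === 'object') {
    return Object.values(value).some(containsFunction);
  }
  return false;
}

// Run one response through both parsers and report what happened.
function compare(text) {
  const before = sideEffects.length;
  const evaluated = parseWithEval(text);
  return {
    evalRanCode: sideEffects.length > before,
    evalReturnedFunction: containsFunction(evaluated),
    strictAccepted: parseStrict(text).ok,
  };
}

for (const [name, text] of Object.entries(SAMPLES)) {
  console.log(name, compare(text));
}
```

Only the plain-data response is accepted by the strict parser; the other two are refused with a `SyntaxError` before any of their content can execute.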