XML.orgXML.org
FOCUS AREAS |XML-DEV |XML.org DAILY NEWSLINK |REGISTRY |RESOURCES |ABOUT
OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]
Re: [xml-dev] Maximally Consumable Data


>> But, you have to 'eval' it making a 
>> potential security threat.

More accurately, you can 'eval' it, making it a potential security 
threat. You don't have to, but I still notice that about half of the 
JSON articles and tutorials I read suggest using eval() rather than 
evalJSON(). I suspect more than half of JSON processing scripts in the 
wild use eval() rather than safer options. You simply can't get around 
the fact that JSON was delibeartely designed to be evaluated with 
eval(). It's going to be insecure unless we change JSON so it can't be 
eval'd or remove eval() from the language.

-- 
Elliotte Rusty Harold  elharo@metalab.unc.edu
Java I/O 2nd Edition Just Published!
http://www.cafeaulait.org/books/javaio2/
http://www.amazon.com/exec/obidos/ISBN=0596527500/ref=nosim/cafeaulaitA/


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]


News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 1993-2007 XML.org. This site is hosted by OASIS