[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
Re: [xml-dev] Maximally Consumable Data
- From: Elliotte Harold <elharo@metalab.unc.edu>
- To: "Costello, Roger L." <costello@mitre.org>
- Date: Mon, 07 Apr 2008 05:29:16 -0700
>> But, you have to 'eval' it making a
>> potential security threat.
More accurately, you can 'eval' it, making it a potential security
threat. You don't have to, but I still notice that about half of the
JSON articles and tutorials I read suggest using eval() rather than
evalJSON(). I suspect more than half of JSON processing scripts in the
wild use eval() rather than safer options. You simply can't get around
the fact that JSON was delibeartely designed to be evaluated with
eval(). It's going to be insecure unless we change JSON so it can't be
eval'd or remove eval() from the language.
--
Elliotte Rusty Harold elharo@metalab.unc.edu
Java I/O 2nd Edition Just Published!
http://www.cafeaulait.org/books/javaio2/
http://www.amazon.com/exec/obidos/ISBN=0596527500/ref=nosim/cafeaulaitA/
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
