RE: Maximally Consumable Data

Cart

XML Editor - Download a Free Trial >

See What's New >

Buy Now >

[Home] [By Thread] [By Date] [Recent Entries]

From: "Costello, Roger L." <costello@m...>
To: <xml-dev@l...>
Date: Mon, 7 Apr 2008 08:23:22 -0400

Hi Rob,
 
> But, you have to 'eval' it making a 
> potential security threat.

In the book, Bulletproof Ajax, by Jeremy Keith, he says (p. 87):

"In order to extract the contents of a JSON object, it must be
evaluated.  The eval function is powerful, and potentially dangerous.
If you're retrieving JSON data from a third party that isn't entirely
trustworthy, it could contain some malicious JavaScript code that will
be executed with eval.  For this reason Douglas Crockford has written a
JSON parser that will parse only properties, ignoring any methods
(http://www.json.org/js.html)."

/Roger

Follow-Ups:
- Re: Maximally Consumable Data
  - From: Elliotte Harold <elharo@m...>
- Re: Maximally Consumable Data
  - From: "bryan rasmussen" <rasmussen.bryan@g...>

References:
- Maximally Consumable Data
  - From: "Costello, Roger L." <costello@m...>
- Re: Maximally Consumable Data
  - From: "bryan rasmussen" <rasmussen.bryan@g...>
- RE: Maximally Consumable Data
  - From: "Costello, Roger L." <costello@m...>
- RE: Maximally Consumable Data
  - From: Robert Koberg <rob@k...>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]

XML Editor - Download a 15 Day Free Trial Now >

See What's New in Stylus Studio >

Buy Stylus Studio - XML Editor - Now >