Cart
[Home] [By Thread] [By Date] [Recent Entries]
>> But, you have to 'eval' it making a >> potential security threat. More accurately, you can 'eval' it, making it a potential security threat. You don't have to, but I still notice that about half of the JSON articles and tutorials I read suggest using eval() rather than evalJSON(). I suspect more than half of JSON processing scripts in the wild use eval() rather than safer options. You simply can't get around the fact that JSON was delibeartely designed to be evaluated with eval(). It's going to be insecure unless we change JSON so it can't be eval'd or remove eval() from the language. -- Elliotte Rusty Harold elharo@m... Java I/O 2nd Edition Just Published! http://www.cafeaulait.org/books/javaio2/ http://www.amazon.com/exec/obidos/ISBN=0596527500/ref=nosim/cafeaulaitA/
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] |
