Loading ...
Sorry, an error occurred while loading the content.

1055Re: JSON syntax grammar is missing 'undefined' literal value

Expand Messages
  • Shelby Moore
    May 27, 2008
      > Douglas Crockford wrote:
      > > As a name, it is implemented as a writable global
      > > variable, a feature with alarming security and reliability
      > > consequences.

      On further thought, this is not any more a security concern, than
      JavaScript (or the web page) itself. Agreed, it should be made
      read-only to prevent against non-malicious untended modification.

      There is no security in any JavaScript, because rogue code can change
      any user code. The entire current concept of browser security is
      conceptually flawed, and the solution is as follows:


      The only trustable web page is the one where ALL referents (resources)
      come from a trusted source. Security is fundamentally trust.
      Increasing granularity of trust, decreases security conflicts. I give
      a proposal using sub-frames to segregate private data from the rest of
      the web page.
    • Show all 19 messages in this topic