- Jul 3, 2008--- In email@example.com, "Tyler Close" <tyler.close@...> wrote:
> On Wed, Jul 2, 2008 at 9:08 AM, Douglas Crockford <douglas@...> wrote:
> > delete some characters before evaluation. (I hope to correct this in
> > the next edition of the ECMAScript Standard.)
> In the meantime, does the json2.js definition of control character
> cover all the potentially dangerous characters?
> Shouldn't all JSONSo far this hasn't appeared to be a problem. I haven't seen
> emitters be escaping these characters, since the output might be
> currently results in potentially unsafe JSON output, putting the
> control character definition on the json.org homepage seems wise.
> I wonder how many different definitions of control character are used
> in the collection of implementations at the bottom of the JSON.org
applications flinging around a lot of the Cf characters that get
deleted by Firefox before eval.
For applications that need Cf characters in strings that don't want to
have to escape them, a non-eval parser should be used, such as
- << Previous post in topic Next post in topic >>