163Re: [json] Re: JSON.parse
- Dec 28, 2005On 12/28/05, Douglas Crockford <douglas@...> wrote:
>but you still have the bookmarklets issue, right?
> > > faster and smaller than the previous version. It uses a single call
> > > to eval to do the conversion, guarded by a single regExp test to
> > > assure that it is safe.
> > To be more robust, shouldn't it catch errors thrown due to malformed
> > JSON that still passes the regex?
> The issue is "Is it safe?" The eval function is inherently unsafe. It
> allows a chunk of script to run with full authority. Some people have
> been relunctant to use eval to parsing JSON text, and properly so.
the address bar and crap all over your web page, right?
so if it can be eval'd, the user can input it too, so whats the point?
why not use eval?
users can eval too!
also, XML can be very unsafe too, depending on your implementation.
as time passes by, and more and more ppl use xhr, more and more ppl will
have fun with not-so-safe implementations, and SQL attacks *will* be the
order of the day.
but then again, perhaps thats happening right now, so never mind me.
[Non-text portions of this message have been removed]
- << Previous post in topic Next post in topic >>