[thelist] ajax, javascript libraries - security.

[Charles]

> You seemed to object to using XML as the data format for RIAs

Oh, I didn't mean to.  I'm working on a for-love project right now that uses
both.  I find that I tend to lean toward JSON for tight-loop stuff, like
populating a "suggest" list that updates in realtime as users type.

> The contradiction I was seeing is that some of the benefits of JSON seem
to be more or less eliminated if you must work with it in a secure way
(i.e., not just eval() it).

That's definitely true to a degree.  JSON is far less expressive than XML (a
positive or a negative depending on the scenario), and so JSON parsers tend
to be simpler and lightweight compared to full-featured XML parsers.

What's your favorite XML parser for JavaScript?

-- Charles