[thelist] ajax, javascript libraries - security.

[trevor]

hi matt, thanks.

i agree when that paper claimed that these libraries "encouraged" insecure 
practice, i thought that was a stretchy claim.

but OTOH, i think their premise was not "all json is bad".   their premise 
was "to raise awareness"  that there are proper and improper ways to handle 
this type of coding.   it's a very general thing, so they also didn't 
present any in depth discussion of best practices.

so, i'm niether attacking nor glorifying their paper,  i'm just asking if 
some pro's here could recommend their favourite resources for ajax security 
best practices, and  json best practices.  there are lots of results to plow 
through from a general search -  i thought i would get some recommends here, 
that's all.

take care, trevor