[thelist] ajax, javascript libraries - security.

Charles lists07 at wiltgen.net
Sun Apr 15 13:59:21 CDT 2007

> Using a data format with the capability of defining behavior never made
any sense to me.

JSON doesn't have that capability.  JSON is just a simple subset of
JavaScript's object notation, and it's best not to internally equate the

Obviously, anyone eval()-ing anything that might contain untrusted code is
asking for it.

> Bottom line: just use XML, and tell your dev team to use XML.

That might be good advice if you're not doing rich internet applications.
If you are, then JSON is often a better choice.


-- Charles

More information about the thelist mailing list