[thelist] ajax, javascript libraries - security.

Charles lists07 at wiltgen.net
Sun Apr 15 13:59:21 CDT 2007


> Using a data format with the capability of defining behavior never made
> any sense to me.

JSON doesn't have that capability.  JSON is just a simple subset of
JavaScript's object notation, and it's best not to internally equate the
two.

Obviously, anyone eval()-ing anything that might contain untrusted code is
asking for it.

> Bottom line: just use XML, and tell your dev team to use XML.

That might be good advice if you're not doing rich internet applications.
If you are, then JSON is often a better choice.

http://www.25hoursaday.com/weblog/PermaLink.aspx?guid=060ca7c3-b03f-41aa-937b-c8cba5b7f986
http://www.25hoursaday.com/weblog/PermaLink.aspx?guid=39842a17-781a-45c8-ade5-58286909226b

-- Charles
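
An added example, not part of the original post: it feeds the same untrusted text to eval() and to a strict JSON parser and counts how much code each one runs. The payloads, `touch()` and the function names are constructed for illustration, and JSON.parse is used as the strict parser (the post itself does not name one).

```javascript
// Added example; every payload below is constructed for illustration.
let sideEffects = 0;   // stands in for anything injected code could do
function touch() { sideEffects++; return 1; }

// The first sample is real JSON. The others are JavaScript that only
// looks like data.
const samples = [
  '{"user": "alice", "admin": false}',
  '{"user": "alice", "admin": touch()}',                 // call inside a value
  '({"user": "alice"}, touch())',                        // comma expression
  '{"user": "alice", get admin() { return touch(); }}',  // accessor property
];

function loadWithEval(text) {
  // The pattern the post warns about: the text is executed as a program.
  return eval('(' + text + ')');
}

function loadWithParser(text) {
  // JSON.parse accepts only the JSON grammar; anything else throws.
  try {
    return { ok: true, value: JSON.parse(text) };
  } catch (e) {
    return { ok: false, error: e.name };
  }
}

function compare() {
  return samples.map((text) => {
    const start = sideEffects;
    const parsed = loadWithParser(text);
    const afterParse = sideEffects;
    try {
      const value = loadWithEval(text);
      void value.admin;   // merely reading a property can run code too
    } catch (e) { /* side effects, if any, are already counted */ }
    return {
      parserAccepted: parsed.ok,
      codeRunByParser: afterParse - start,
      codeRunByEval: sideEffects - afterParse,
    };
  });
}

console.table(compare());
```
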




