
JSON


Posted Mar 24, 2009 12:18 UTC (Tue) by rfunk (subscriber, #4054)
In reply to: Stallman: the JavaScript trap by dlang
Parent article: Stallman: the JavaScript trap

JSON, while being parseable as Javascript, is much more restrictive and contains no
executable instructions, just data structure definition. It's also much more compact, readable, and
parseable than XML.



JSON

Posted Mar 25, 2009 0:54 UTC (Wed) by dlang (guest, #313)

'Properly formatted JSON' may have the limitations you specify, but what is happening is the server sends a string to the browser, and the browser issues 'eval' on that string (possibly after stripping comment tags out so that it doesn't get evaluated accidentally). There are no limitations on the client side about what can be executed as part of that eval command.

JSON

Posted Mar 25, 2009 12:09 UTC (Wed) by rfunk (subscriber, #4054)

That's not a problem with JSON, but rather a problem with misusing JSON.
The right thing to do is load JSON into Javascript without doing an
arbitrary eval(), and plenty of people do it right.

Then there are those at the other extreme that load executable Javascript
snippets from the server, and eval() those..... :-/
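
Added example (not part of the original comments): the two loading patterns discussed in this thread, side by side, showing that a strict JSON parser rejects a response that eval() would execute. The function names, the sample response bodies and the expected user/roles shape are constructed for illustration.

```javascript
// Added illustration; all names and sample data below are hypothetical.

// A well-formed JSON response (constructed sample).
const goodBody = '{"user": "alice", "roles": ["editor"]}';

// Valid JavaScript but not JSON (constructed sample). If evaluated, it sets
// a flag, a harmless stand-in for code running in the page.
const hostileBody =
  '({"user": "alice", "roles": (globalThis.sideEffect = true, [])})';

// The pattern described above: hand the server's string to eval().
function loadWithEval(body) {
  return (0, eval)('(' + body + ')'); // indirect eval, runs in global scope
}

// The strict pattern: JSON.parse accepts only the JSON grammar and never
// executes anything; the result is then checked against the expected shape.
function loadWithParse(body) {
  let data;
  try {
    data = JSON.parse(body);
  } catch (err) {
    return { ok: false, error: 'not valid JSON' };
  }
  // Parsing proves the text is data, not that it is the data we expect.
  if (data === null || typeof data !== 'object' || Array.isArray(data) ||
      typeof data.user !== 'string' || !Array.isArray(data.roles) ||
      !data.roles.every((r) => typeof r === 'string')) {
    return { ok: false, error: 'unexpected shape' };
  }
  return { ok: true, value: { user: data.user, roles: data.roles.slice() } };
}

// Run both loaders and record whether the embedded expression executed.
function demo() {
  globalThis.sideEffect = false;
  const parsedGood = loadWithParse(goodBody);
  const parsedHostile = loadWithParse(hostileBody);
  const flagAfterParse = globalThis.sideEffect;
  loadWithEval(hostileBody);
  const flagAfterEval = globalThis.sideEffect;
  delete globalThis.sideEffect;
  return { parsedGood, parsedHostile, flagAfterParse, flagAfterEval };
}
```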

