|
|
Log in / Subscribe / Register

JSON

JSON

Posted Mar 25, 2009 0:54 UTC (Wed) by dlang (guest, #313)
In reply to: JSON by rfunk
Parent article: Stallman: the JavaScript trap

'properly formatted JSON' may have the limitations you specify, but what is happening is the server sends a string to the browser, and the browser issues 'eval' on that string (possibly after stripping comment tags out so that it doesn't get evaluated accidently). there are no limitations on the client side about what can be executed as part of that eval command

to post comments

JSON

Posted Mar 25, 2009 12:09 UTC (Wed) by rfunk (subscriber, #4054) [Link]

That's not a problem with JSON, but rather a problem with misusing JSON.
The right thing to do is load JSON into Javascript without doing an
arbitrary eval(), and plenty of people do it right.

Then there are those at the other extreme that load executable Javascript
snippets from the server, and eval() those..... :-/


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds