* On Wed, Mar 12 2008, Matt Pitts wrote: > The main reason against JSON for me is security. Something that can be > eval'd is very dangerous and I'm sure we're all aware of the cross-site > vulnerabilities that take advantage of JSON returned data.
Don't parse JSON with eval. Use a parser. (How do you think Perl parses JSON?) It's a code vs. data issue. Yes, evalling code is dangerous. So don't do that. Treat your data as data and you won't have a problem. Regards, Jonathan Rockway -- print just => another => perl => hacker => if $,=$" _______________________________________________ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/