On 8/19/07, Simon Bünzli <[EMAIL PROTECTED]> wrote: [...] > > And as I said: I'd prefer a blacklist to a whitelist as IME the use > cases for a whitelist will rather require context (e.g. type and number > of children) opposed to a blacklist for just getting rid of extensions > to Object.prototype or temporary keys. >
would not a whitelist "disallow everything except N in this list" be more secure than a blacklist "allow everything except N in this list" ? not that is that much important with JSON as you can have only one local context, but still for some peope willing to extend JSON to more than "one local context", a whitelist would be prefered imho. zwetan _______________________________________________ Es4-discuss mailing list [email protected] https://mail.mozilla.org/listinfo/es4-discuss
