I have been working my way through some of the getting started docs,
and found what I think is a conflict on the page:

http://code.google.com/p/google-web-toolkit-doc-1-5/wiki/GettingStartedJSON

First we have this paragraph:
    However, because eval() can execute any JavaScript code (not just JSON
    data) this approach has some serious security implications. A much
    safer option is to use a dedicated JSON parser instead, which will
    only parse JSON text and never executable JavaScript code.
    Fortunately, GWT happens to have just such a parser, which we'll use
    to add JSON support to our StockWatcher sample application.

Basically, it says that GWT will supply us with a safe JSON parser so
we don't have to worry about accidentally eval()ing bad code.

But, a few paragraphs later we learn that we will need to call the
parse() method of JSONParser, which comes with this javadoc:
    Evaluates a trusted JSON string and returns its JSONValue
    representation. CAUTION! For efficiency, this method is implemented
    using the JavaScript eval() function, which can execute arbitrary
    script. DO NOT pass an untrusted string into this method.

So I think something is out of sync.
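
The difference between the two quoted passages, as an added example that is not part of the original post or of GWT's own code: an eval-based parse next to a grammar-only parse (the JavaScript built-in JSON.parse), run on constructed inputs. The function names and the sideEffect marker are assumptions made for illustration.

```javascript
// Eval-based parsing: the approach the quoted JSONParser.parse() javadoc
// warns about. evalParse/strictParse/compare are hypothetical names.
function evalParse(text) {
  // Indirect eval runs in global scope; the parentheses make "{...}"
  // parse as an object expression rather than a block statement.
  return (0, eval)('(' + text + ')');
}

// Dedicated parser: accepts only the JSON grammar and never runs script.
function strictParse(text) {
  return JSON.parse(text);
}

// Constructed inputs. The second is not JSON: its "price" is a JavaScript
// expression that sets a harmless marker before yielding a number.
const benign = '{"symbol": "ABC", "price": 12.5}';
const scripted =
  '{"symbol": "ABC", "price": (globalThis.sideEffect = "ran", 12.5)}';

// Run both parsers on the same text and record what each one did.
function compare(text) {
  delete globalThis.sideEffect;
  const result = {
    evalValue: null, evalRan: false, strictValue: null, strictError: null,
  };
  try {
    result.evalValue = evalParse(text);
  } catch (e) {
    result.evalValue = e;
  }
  // True only if the text contained code and eval executed it.
  result.evalRan = globalThis.sideEffect === 'ran';
  try {
    result.strictValue = strictParse(text);
  } catch (e) {
    result.strictError = e.name; // the strict parser rejects non-JSON text
  }
  delete globalThis.sideEffect;
  return result;
}

for (const text of [benign, scripted]) {
  console.log(text, '=>', compare(text));
}
```

Both parsers return the same object for the first input; for the second, the eval-based parse returns a normal-looking object after running the embedded expression, while the strict parse throws a SyntaxError.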

