That's all nice & dandy for json. But the "javascript getting executed
solely on server saying so" problem still remains. The fact you had to
change the synchronous request tests is a clear proof of the problem to me:
existing code will break (no issue if documented), existing code will face a
security hole (more problematic to say the least).

2010/1/7 John Resig <jere...@gmail.com>

> Since we're going to be using JSON.parse, which throws an exception
> (and triggers the Ajax error handler) it should probably be consistent
> across platforms. I backported some syntax-checking logic from
> json2.js and now throw an exception if it doesn't look like it's
> proper JSON (which prevents attempts at sending JavaScript back and
> having it execute when we're expecting JSON).
>
>
> http://github.com/jquery/jquery/commit/308d6cdad023da190ace2a698ee4815ed8dad9c5
>
> --John
>
>
>
> On Thu, Jan 7, 2010 at 11:55 AM, John Resig <jere...@gmail.com> wrote:
> > On Thu, Jan 7, 2010 at 11:04 AM, Douglas Crockford
> > <doug...@crockford.com> wrote:
> >> I strongly recommend that you not compromise on safer.
> >
> > Unfortunately we're in the very challenging position now where
> > introducing the use of window.JSON will absolutely break some
> > jQuery-using applications - and will continue to do so far into the
> > future. For better or worse people are passing around non-valid JSON.
> > Using single quotes ({'a':1}) and no quotes ({a:1}) are the two most
> > obvious examples, off the top of my head.
> >
> > I agree that prioritizing on safety and performance should be key but
> > we're in a bit of a quandary.
> >
> > I've backed out the change here:
> >
> > http://github.com/jquery/jquery/commit/c14fa516ae5525f93af562910d22f0a836ebdde3
> >
> > But I'm just bracing for the inevitable slew of "broken" applications
> > that'll come with the 1.4 release.
> >
> > --John
> >
>
> --
> You received this message because you are subscribed to the Google Groups
> "jQuery Development" group.
> To post to this group, send email to jquery-...@googlegroups.com.
> To unsubscribe from this group, send email to
> jquery-dev+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/jquery-dev?hl=en.
>
>
>
>
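
The trade-off discussed in this thread, as an added example that is not part of any message above and is not jQuery's code: a json2.js-style shape check in front of `JSON.parse`, next to a legacy-style evaluating parser, run over constructed responses. The names `looksLikeJson`, `parseStrict`, `parseLenient`, `SAMPLES` and `sideEffectRan` are hypothetical.

```javascript
// Added example, not jQuery's implementation. Shape check modelled on json2.js.
function looksLikeJson(text) {
  const skeleton = text
    // 1. neutralise backslash escapes so they cannot hide a quote
    .replace(/\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g, "@")
    // 2. collapse every string, literal and number token to "]"
    .replace(/"[^"\\\n\r]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g, "]")
    // 3. drop open brackets that follow a colon, a comma or the start
    .replace(/(?:^|:|,)(?:\s*\[)+/g, "");
  // Only JSON punctuation and whitespace may remain.
  return /^[\],:{}\s]*$/.test(skeleton);
}

// Strict path: reject anything that is not JSON-shaped, then parse without evaluating.
function parseStrict(text) {
  if (typeof text !== "string" || !looksLikeJson(text)) {
    throw new SyntaxError("Invalid JSON: " + text);
  }
  return JSON.parse(text);
}

// Legacy-style path, shown for contrast: the response is evaluated as JavaScript.
function parseLenient(text) {
  return new Function("return (" + text + ")")();
}

// Constructed sample responses (not taken from the thread's test suite).
const SAMPLES = {
  valid: '{"a":1,"b":[true,null,"x\\"y"]}',
  singleQuotes: "{'a':1}",
  bareKeys: "{a:1}",
  script: "(function(){ globalThis.sideEffectRan = true; return {a:1}; })()",
};

// Report which parser accepts a given response body.
function classify(text) {
  const out = { strict: "rejected", lenient: "rejected" };
  try { parseStrict(text); out.strict = "accepted"; } catch (e) { /* rejected */ }
  try { parseLenient(text); out.lenient = "accepted"; } catch (e) { /* rejected */ }
  return out;
}

for (const [name, body] of Object.entries(SAMPLES)) {
  console.log(name, JSON.stringify(classify(body)));
}
```

The two non-valid forms named in the thread are accepted only by the evaluating parser, which is the compatibility break, and the script response runs only there, which is the security difference.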