On 2017-06-16, Ben Finney wrote:
> alister writes:
>
>> Json is designed to be legal Javascript code & therefore directly
>> executable so no parser is possible.
>
> JSON is designed to be *a strictly limited subset* of legal JavaScript
> that only defines data structures. The explicit goal is that it is
> statically parseable as non-executable data.

That doesn't mean that it's reasonable/acceptable practice to eval() a
string from an untrusted source because it _might_ be JSON.
--
Grant Edwards <grant.b.edwards at gmail.com>
Yow! I brought my BOWLING BALL -- and some DRUGS!!
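
An added example, not part of the original post or thread: it contrasts evaluating a string that might be JSON with parsing it strictly as data. The names `parse_untrusted`, `eval_as_json` and `canary`, and all sample strings, are constructed for illustration.

```python
import json

CANARY = []  # records whether code embedded in an input string was executed


def canary():
    """Harmless stand-in for the side effect of an evaluated expression."""
    CANARY.append("executed")
    return {"ok": True}


def eval_as_json(text):
    """The practice the reply warns against: the input runs as an expression."""
    names = {"true": True, "false": False, "null": None, "canary": canary}
    return eval(text, names)


def _reject_constant(name):
    # json.loads accepts NaN and Infinity by default; neither is valid JSON.
    raise ValueError(f"non-JSON constant: {name}")


def _reject_duplicates(pairs):
    # Duplicate keys are a common source of parser disagreement; refuse them.
    obj = {}
    for key, value in pairs:
        if key in obj:
            raise ValueError(f"duplicate key: {key!r}")
        obj[key] = value
    return obj


def parse_untrusted(text, max_len=1_000_000):
    """Parse text as data only. Returns (value, None) or (None, reason)."""
    if len(text) > max_len:
        return None, "rejected: input too large"
    try:
        value = json.loads(text, parse_constant=_reject_constant,
                           object_pairs_hook=_reject_duplicates)
    except (ValueError, RecursionError) as exc:  # JSONDecodeError is a ValueError
        return None, f"rejected: {exc}"
    return value, None


if __name__ == "__main__":
    # Constructed inputs: one JSON document, three strings that only look like one.
    for s in ['{"a": [1, true, null]}', 'canary()', '{"a": NaN}', '{"a": 1, "a": 2}']:
        print(repr(s), "->", parse_untrusted(s))
    print("eval path:", eval_as_json("canary()"), "canary:", CANARY)
```

The parser returns a rejection reason for anything that is not a JSON document, while the `eval` path calls `canary()` because the string is treated as code.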