Colin, Michael, sanitizeJSON is an option and is off by default. If it is data created by a user, you better sanitize it.
The performance hit isn't that bad really.

Tobie

On Jan 25, 11:02 am, Colin Mollenhour <[EMAIL PROTECTED]> wrote:
> Is the sanitize step necessary? What would the performance hit be like
> on a large response, and is the added complexity worth the trouble
> considering all responses come from a controlled environment? You don't
> sanitize HTML or XML responses, I say just use eval inside a try/catch.
>
> Thanks,
> Colin

You received this message because you are subscribed to the Google Groups "Ruby on Rails: Spinoffs" group.
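The two approaches discussed in this thread, side by side, as an added example (not Prototype's source and not code from either poster): a character-whitelist check in the style of RFC 4627 section 6 runs before `eval` when a `sanitize` flag is set. The function names, the `sanitize` parameter and the sample strings are constructed for illustration.

```javascript
// Added example. All names here are hypothetical, not Prototype's API.
let sideEffects = 0;
// Harmless stand-in for "any code reachable from the response text".
globalThis.recordSideEffect = () => { sideEffects += 1; return 1; };

// RFC 4627 section 6 style filter: drop string literals, then require that
// only JSON punctuation, number characters and the letters used by
// true/false/null remain. It is a filter, not a full JSON parser.
function looksLikeJSON(text) {
  if (typeof text !== 'string' || text.trim() === '') return false;
  const withoutStrings = text.replace(/"(\\.|[^"\\])*"/g, '');
  return !/[^,:{}\[\]0-9.\-+Eaeflnr-u \n\r\t]/.test(withoutStrings);
}

// eval-based decoding with an opt-in check, off unless sanitize is truthy.
function evalJSON(text, sanitize) {
  if (sanitize && !looksLikeJSON(text)) {
    throw new SyntaxError('Badly formed JSON string');
  }
  return eval('(' + text + ')');
}

// "eval inside a try/catch": reports the outcome instead of throwing.
function tryEval(text, sanitize) {
  try {
    return { ok: true, value: evalJSON(text, sanitize) };
  } catch (e) {
    return { ok: false, error: e.name };
  }
}

// Constructed sample responses.
const trusted = '{"user": "colin", "ids": [1, 2, 3]}';
const userMade = '{"user": recordSideEffect()}';

function demo() {
  const a = tryEval(trusted, true);    // passes the filter, decoded
  const b = tryEval(userMade, true);   // rejected before eval runs
  const afterSanitized = sideEffects;
  const c = tryEval(userMade, false);  // eval runs the call; no exception
  return { a, b, c, afterSanitized, afterPlain: sideEffects };
}
```

With the check off, the try/catch has nothing to catch because the embedded call completes normally; it only helps when the text fails to parse. Current JavaScript runtimes also provide `JSON.parse`, which decodes without evaluating the text as code.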
