I have been working my way through some of the getting started docs,
and found what I think is a conflict on the page:
http://code.google.com/p/google-web-toolkit-doc-1-5/wiki/GettingStartedJSON
First we have this paragraph:
However, because eval() can execute any JavaScript code (not just JSON
data) this approach has some serious security implications. A much
safer option is to use a dedicated JSON parser instead, which will
only parse JSON text and never executable JavaScript code.
Fortunately, GWT happens to have just such a parser, which we'll use
to add JSON support to our StockWatcher sample application.
Basically, it says that GWT will supply us with a safe JSON parser so
we don't have to worry about accidentally eval()ing bad code.
But, a few paragraphs later we learn that we will need to call the
parse() method of JSONParser, which comes with this javadoc:
Evaluates a trusted JSON string and returns its JSONValue
representation. CAUTION! For efficiency, this method is implemented
using the JavaScript eval() function, which can execute arbitrary
script. DO NOT pass an untrusted string into this method.
So I think something is out of sync.
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
Google Web Toolkit group.
To post to this group, send email to Google-Web-Toolkit@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/Google-Web-Toolkit?hl=en
-~--~~~~--~~--~--~---
