I can filter out newlines in string literals to translate to invalid
JSON, but alternative non-standard methods to terminate string
literals - there's no way I can safeguard against this.

On Sep 8, 5:07 pm, "Scott Blum" <[EMAIL PROTECTED]> wrote:
> I think string literals need special scrutiny.  If there is any way to get
> the parser to break out of a string literal where your checker doesn't
> notice, it would be a big problem  For example, if there are parsers that
> will allow a carriage return to terminate a string literal and continue
> evaluating code, your checker could miss it.  Or if there are alternate ways
> to end a string literal, like somehow encoding a character that will be
> recognized as an end quote.
> On Sun, Sep 7, 2008 at 6:38 PM, Reinier Zwitserloot <[EMAIL PROTECTED]> wrote:
>
> > I haven't tested it yet, but I'm throwing it out there for review of
> > the concept of what's going on here. Obviously, after this method is
> > done checking the json string, it will be eval()ed. Is this deemed
> > safe enough?
--~--~---------~--~----~------------~-------~--~----~
http://groups.google.com/group/Google-Web-Toolkit-Contributors
-~----------~----~----~----~------~----~------~--~---
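The string-literal concern raised in this thread, as an added example that is not part of the original messages and not GWT's checker: a pre-eval check that fails closed, accepting only what the JSON grammar names at the lexical level and rejecting everything else. The names `scanString` and `isLexicallySafeJson` are hypothetical, and the check covers tokens only, not the nesting grammar.

```javascript
// Added example (hypothetical names): fail-closed lexical check for text
// that is about to be evaluated as JSON. Anything not recognised is rejected.
const SIMPLE_ESCAPES = '"\\/bfnrt';
const HEX4 = /^[0-9a-fA-F]{4}$/;
// Outside strings: structural characters, JSON whitespace, strict numbers
// and the three keyword literals. \b stops "truefalse" or "012" from
// being read as two tokens by the checker but one by the parser.
const OUTSIDE =
  /[\[\]{}:,\x20\t\n\r]|-?(?:0|[1-9]\d*)(?:\.\d+)?(?:[eE][+-]?\d+)?\b|(?:true|false|null)\b/y;

// Returns the index just past the closing quote, or -1 if the literal
// contains anything the JSON grammar does not explicitly allow.
function scanString(text, start) {
  for (let i = start + 1; i < text.length; i++) {
    const ch = text[i];
    const code = text.charCodeAt(i);
    if (ch === '"') return i + 1;
    // Raw control characters (CR, LF, ...) and U+2028/U+2029, which some
    // JavaScript parsers treat as line terminators, are never accepted raw.
    if (code < 0x20 || code === 0x2028 || code === 0x2029) return -1;
    if (ch === '\\') {
      const next = text[i + 1];
      if (next === 'u') {
        if (!HEX4.test(text.slice(i + 2, i + 6))) return -1;
        i += 5; // skip 'u' and four hex digits
      } else if (next !== undefined && SIMPLE_ESCAPES.includes(next)) {
        i += 1; // skip the escaped character
      } else {
        return -1; // unknown escape such as \x41 or \'
      }
    }
  }
  return -1; // unterminated literal
}

function isLexicallySafeJson(text) {
  let i = 0;
  while (i < text.length) {
    if (text[i] === '"') {
      i = scanString(text, i);
      if (i < 0) return false;
    } else {
      OUTSIDE.lastIndex = i;
      const m = OUTSIDE.exec(text);
      if (!m) return false; // single quotes, identifiers, operators, ...
      i += m[0].length;
    }
  }
  return true;
}
```

Where the runtime provides `JSON.parse`, using it instead of `eval()` removes the checker/parser disagreement this thread is worried about.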
