hi all configuration devs,
I have a simple and straightforward idea on JSON format. Since Java 6
suppports scripting in Java, it include the Mozilla Rhino engine for
the JavaScript programming language. JSON is a subset of Javascript,
so we can use a simple call eval() to parse the configuration
Hi!
JSON is a subset of Javascript,
so we can use a simple call eval() to parse the configuration file.
Wouldn't that be dangerous for something like script injection?
One might be able to pass in a faked JSON string with some code in there
which will be executed on eval() then, no?
Ciao,
Mario
Mario Ivankovits wrote:
Hi!
JSON is a subset of Javascript,
so we can use a simple call eval() to parse the
configuration file.
Wouldn't that be dangerous for something like script injection?
One might be able to pass in a faked JSON string with some
code in there
which will be executed on
This is an interesting idea and could be a way to provide quickly an
initial implementation of the JSON format. However the scripting API is
only available in Java 6, and Commons Configuration 2.0 targets Java 5
(Commons Configuration 1.x is stuck with the Java 1.3 compatibility). In
the end
This is an interesting idea and could be a way to provide quickly an
initial implementation of the JSON format. However the scripting API is
only available in Java 6, and Commons Configuration 2.0 targets Java 5
(Commons Configuration 1.x is stuck with the Java 1.3 compatibility). In
the end
I haven't considered all things. You are right. We also have to
support Java 1.x. Forget my idea :)
On Tue, Apr 8, 2008 at 5:28 PM, Emmanuel Bourg [EMAIL PROTECTED] wrote:
This is an interesting idea and could be a way to provide quickly an initial
implementation of the JSON format. However the
yes, security is another issue. thanks for pointing that. just forget my idea.
On Tue, Apr 8, 2008 at 5:42 PM, Jörg Schaible
[EMAIL PROTECTED] wrote:
Mario Ivankovits wrote:
Hi!
JSON is a subset of Javascript,
so we can use a simple call eval() to parse the
configuration file.