In many situations, it's perfectly reasonable to pass JSON data to 'eval' (or V8). However, if one accepts JSON from untrusted parties, one must assume what is ostensibly JSON might actually be malicious JavaScript. The "whole point of JSON" is really to be a compact/portable data format; the fact that it has syntax and semantics which are a precise subset of JavaScript is merely convenient.

Pete Gontier <http://pete.gontier.org/>

On Oct 8, 2008, at 10:47 AM, Simon Ask Ulsnes wrote:
>
> Excuse me?
>
> The whole point of JSON is to be representing objects in valid
> JavaScript syntax. If parsing JSON using V8's internal parser is too
> slow for you, then it doesn't really make sense to use V8 at all. ;-)
>
> Besides, my example generates JSON. Ragel can only be used to parse
> it.
> I'm not doubting that Ragel is an excellent state machine compiler,
> but you're already using one compiler for your code, why not use the
> same for your data, when you even have the luxury that your code and
> your data is in the same format?
>
> - Simon
>
> 2008/10/8 <[EMAIL PROTECTED]>:
>>
>> On Sep 10, 3:04 pm, "Simon Ask Ulsnes" <[EMAIL PROTECTED]> wrote:
>>> It's not that hard to add, though.
>>>
>>> I did something like this:
>>>
>>> ...
>>
>> Rather than hacking some basic JSON support into V8 or your V8
>> application, I recommend that it be done the pro' way, using Ragel:
>>
>> http://www.complang.org/ragel/
>>
>> Ragel's compiled state machines are blindingly fast, and hence so are
>> the implementations of JSON of languages that use it:
>>
>> http://json.rubyforge.org/
>> http://modules.gotpike.org/module_info.html?module_id=43
>>
>> I did some elementary benchmarking of JSON implementations a while
>> back, and JSON in Ragel was in a class of its own. :-)
>>
>> Slowing down V8's lightning speed with a poor JSON would be so
>> sad. ;-)
>>
>> Morgaine.
>>
>

--~--~---------~--~----~------------~-------~--~----~
v8-users mailing list
[email protected]
http://groups.google.com/group/v8-users
-~----------~----~----~----~------~----~------~--~---
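
The point made at the top of this message, that text which is ostensibly JSON may actually be JavaScript, shown as an added example (not code from the thread or from V8). The sample strings and the names `parseWithEval`, `parseStrict`, `compare` and `touched` are constructed for illustration.

```javascript
// Constructed inputs: one well-formed JSON document and one string that
// only claims to be JSON.
const samples = {
  valid: '{"user": "alice", "roles": ["admin"]}',
  // A JavaScript expression with a harmless, observable side effect.
  code: '{"user": (function () { globalThis.touched = true; return "x"; })()}',
};

// The pattern discussed in the thread: hand the text to the JavaScript
// engine. Anything the engine can evaluate will run.
function parseWithEval(text) {
  // Indirect eval keeps local variables out of reach, but the text still
  // executes with access to everything global.
  return (0, eval)('(' + text + ')');
}

// A JSON parser accepts the data grammar only and never executes its input.
function parseStrict(text) {
  try {
    return { ok: true, value: JSON.parse(text) };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// Run both parsers on the same text and record whether any code ran.
function compare(text) {
  globalThis.touched = false;
  const viaEval = parseWithEval(text);
  const ranCode = globalThis.touched;

  globalThis.touched = false;
  const strict = parseStrict(text);
  const ranCodeStrict = globalThis.touched;

  return { viaEval, ranCode, strict, ranCodeStrict };
}

for (const [name, text] of Object.entries(samples)) {
  const r = compare(text);
  console.log(name, '| eval ran code:', r.ranCode,
    '| strict parse ok:', r.strict.ok, r.strict.error || '');
}
```

Both parsers return the same object for the well-formed document; only the sender's honesty separates the two cases under `eval`, while the strict parser rejects the second string with a `SyntaxError` before anything runs.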
