> where no third party is involved). If V8 is theoretically used for > writing server-side web applications, I guess there would be a need > for a way to avoid this type of injection attacks (similar to how > current frameworks avoid SQL injection attacks from untrusted input).
It's not just for server-side JavaScript. There are any number of conditions where an interpreter might parse JSON from an unknown or untrusted source. That's why there are four implementations of JSON parsers for JavaScript at json.org, each of which strictly parses JSON instead of blindly eval()ing. Has anyone done performance analysis to show that it even needs to be reimplemented? -- -D. [EMAIL PROTECTED] NSIT University of Chicago --~--~---------~--~----~------------~-------~--~----~ v8-users mailing list [email protected] http://groups.google.com/group/v8-users -~----------~----~----~----~------~----~------~--~---
