On Oct 9, 2008, at 1:08 AM, Simon Ask Ulsnes wrote: >> It's not just for server-side JavaScript. There are any number of >> conditions where an interpreter might parse JSON from an unknown or >> untrusted source. > > Can you mention an example or two? I'm interested, because I couldn't > think of other examples. :-)
There are those who would argue any URL whose scheme is http (as opposed to https) should be treated as untrusted. Even if your code lives in <http://example.com/page.html> and it conducts an XHR transaction with <http://example.com/script.php>, the latter cannot be trusted, some would say. But you don't have to try even that hard to come up with an example. Imagine a transaction similar to SOAP between two servers. --~--~---------~--~----~------------~-------~--~----~ v8-users mailing list [email protected] http://groups.google.com/group/v8-users -~----------~----~----~----~------~----~------~--~---
