On 3/17/06, Gervase Markham <[EMAIL PROTECTED]> wrote: > Jim Ley wrote: > > Please can you provide more information on how raw JSON is available > > from script elements? > > Apologies; it was the Array constructor, and I was slightly wrong in the > details. Here is the exploit: > http://www.webappsec.org/lists/websecurity/archive/2006-01/msg00087.html
Yeah, only applies to Array, and I'm of the belief this is a Mozilla security flaw anyway, hopefully it'll be fixed soon. Thanks for including the URL in the thread too, illustrates exactly why there are security concerns introduced with this JSONRequest. Cheers, Jim.