commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mario Ivankovits <>
Subject Re: [configuration] JSON format
Date Tue, 08 Apr 2008 09:33:05 GMT
>> JSON is a subset of Javascript,
>> so we can use a simple call "eval()" to parse the configuration file.
Wouldn't that be dangerous for something like "script injection"?
One might be able to pass in a faked JSON string with some code in there
which will be executed on eval() then, no?


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message