RE: issue 85 - range unit extensions

From: Robert Brewer <fumanchu@aminus.org>
Date: Wed, 3 Sep 2008 13:47:31 -0700
Message-ID: <F1962646D3B64642B7C9A06068EE1E6404A1A862@ex10.hostedexchange.local>
To: "Kris Zyp" <kris@sitepen.com>, "Jamie Lokier" <jamie@shareable.org>
Cc: "Yves Lafon" <ylafon@w3.org>, "Julian Reschke" <julian.reschke@gmx.de>, <ietf-http-wg@w3.org>

Kris Zyp wrote:
> > If it's only used with the "application/json" media-type, and it can
> > define that "items" always refers to _array_ items (i.e. numbered)
> > and the JSON _top-level_ object is an array, then I have no such
> > concern.
> 
> I agree, it should only be applicable when the top-level entity is an
> array.

Except...there are a number of people who close a set of XSS attacks by
mandating their JSON implementations never return a top-level array,
only an object.

Cf.
http://www.kid666.com/blog/2006/12/23/security-ajax-json-satisfaction/


Robert Brewer
fumanchu@aminus.org
Received on Wednesday, 3 September 2008 20:46:33 GMT