Re: Why JSON?

From: Ian Dickinson <ian.dickinson@hp.com>
Date: Sat, 07 Oct 2006 19:32:55 +0100
Message-ID: <4527F2D7.80303@hp.com>
To: Richard Newman <r.newman@reading.ac.uk>
Cc: SW-forum <semantic-web@w3.org>

Richard Newman wrote:
> Because RDF/XML, SPARQL-XML, and turtle are great, but nothing beats
> 
> var mine = eval ("(" + input + ")");
> 
> in Javascript.
Isn't that something of a glaring security hole? Passing an arbitrary 
string to eval seems to me to just invite compromises analogous to SQL 
injection attacks.

Ian

___________________________________________________________________
Ian Dickinson   HP Labs, Bristol, UK    mailto:ian.dickinson@hp.com
http://www.hpl.hp.com/personal/Ian_Dickinson    ph:+44-117-312-8796
Received on Saturday, 7 October 2006 18:33:00 UTC
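
The concern raised in this message, as an added example that is not part of the original thread: the quoted eval pattern runs any expression embedded in the input, while a parser restricted to the JSON grammar rejects it. The names `touch`, `parseWithEval`, `parseStrict` and both sample inputs are constructed for illustration, and `JSON.parse` is assumed to be available, as it is in current JavaScript engines.

```javascript
// Added illustration; every name and input below is constructed for this example.
let sideEffects = 0;                    // counts code that ran while "parsing"
function touch() { sideEffects += 1; return 1; }

// The pattern from the quoted message: the input is evaluated as a JS expression.
function parseWithEval(input) {
  return eval("(" + input + ")");
}

// Data-only alternative: JSON.parse accepts the JSON grammar and nothing else.
function parseStrict(input) {
  try {
    return { ok: true, value: JSON.parse(input) };
  } catch (e) {
    return { ok: false, error: e.name };
  }
}

// Constructed inputs: a plain JSON document, and one carrying a function call.
const benign = '{"name": "resource", "count": 2}';
const withCall = '{"name": "resource", "count": touch()}';

function demo() {
  sideEffects = 0;
  const a = parseWithEval(benign);      // behaves like a parser on plain data
  const b = parseWithEval(withCall);    // touch() executes during evaluation
  const evalRan = sideEffects;
  const c = parseStrict(benign);        // same data, no evaluation
  const d = parseStrict(withCall);      // rejected as a syntax error
  return { a, b, evalRan, c, d, strictRan: sideEffects - evalRan };
}

console.log(demo());
```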
