Richard Newman wrote: > Because RDF/XML, SPARQL-XML, and turtle are great, but nothing beats > > var mine = eval ("(" + input + ")"); > > in Javascript. Isn't that something of a glaring security hole? Passing an arbitrary string to eval seems to me to just invite compromises analogous to SQL injection attacks. Ian ___________________________________________________________________ Ian Dickinson HP Labs, Bristol, UK mailto:ian.dickinson@hp.com http://www.hpl.hp.com/personal/Ian_Dickinson ph:+44-117-312-8796Received on Saturday, 7 October 2006 18:33:00 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:44:55 GMT