- From: Gervase Markham <gerv@mozilla.org>
- Date: Thu, 16 Mar 2006 21:13:43 +0000
Hallvord R M Steen wrote: > You are right, if no variables are created one can't see the data by > loading it in a SCRIPT tag. Are you aware of intranets/CMSes that use > this as a security mechanism? That's not actually right. I'm pretty sure this came across a public security list, so... You can override the constructor on the prototype of the Object object and get access to JSON objects before the JavaScript engine throws them away when it realises they don't get assigned to a variable. Or something like that, anyway. I can't remember exactly how it worked. But I'm pretty sure that it's true that you can get JSON data if it's not protected. Gerv
Received on Thursday, 16 March 2006 13:13:43 UTC