- From: Ian Dickinson <ian.dickinson@hp.com>
- Date: Sat, 07 Oct 2006 19:32:55 +0100
- To: Richard Newman <r.newman@reading.ac.uk>
- Cc: SW-forum <semantic-web@w3.org>
Richard Newman wrote:
> Because RDF/XML, SPARQL-XML, and turtle are great, but nothing beats
>
> var mine = eval ("(" + input + ")");
>
> in Javascript.

Isn't that something of a glaring security hole? Passing an arbitrary string to eval seems to me to just invite compromises analogous to SQL injection attacks.

Ian

___________________________________________________________________
Ian Dickinson HP Labs, Bristol, UK
mailto:ian.dickinson@hp.com
http://www.hpl.hp.com/personal/Ian_Dickinson
ph:+44-117-312-8796
Received on Saturday, 7 October 2006 18:33:00 UTC
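
The concern raised in the message above, as an added example that is not part of the original thread: the quoted `eval` pattern next to data-only parsing with the built-in `JSON.parse`. The function names, the `__sideEffect` marker and both input strings are constructed for illustration.

```javascript
"use strict";

// The pattern quoted in the thread: the input is compiled and run as
// JavaScript source, so any expression inside it is executed.
function parseWithEval(input) {
  return eval("(" + input + ")");
}

// Data-only alternative: JSON.parse accepts the JSON grammar and nothing
// else, so input containing expressions is rejected instead of executed.
function parseSafely(input) {
  try {
    return { ok: true, value: JSON.parse(input) };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// Constructed sample inputs. The second one is a valid JavaScript
// expression but not valid JSON; its only side effect is setting a
// harmless marker so the difference between the two parsers is observable.
const benign = '{"name": "Ian", "tags": ["rdf", "json"]}';
const withExpression = '{"name": (globalThis.__sideEffect = "code ran", "Ian")}';

function demo() {
  delete globalThis.__sideEffect;
  const viaEval = parseWithEval(withExpression);
  const evalRanCode = globalThis.__sideEffect === "code ran";

  delete globalThis.__sideEffect;
  const viaJson = parseSafely(withExpression);
  const jsonRanCode = globalThis.__sideEffect !== undefined;

  return {
    viaEval,       // looks like ordinary data to the caller
    evalRanCode,   // yet code embedded in the input was executed
    viaJson,       // rejected with a SyntaxError
    jsonRanCode,   // nothing was executed
    benignValue: parseSafely(benign),
  };
}

console.log(demo());
```

The object returned by the `eval` path is indistinguishable from parsed data, so the caller has no signal that the input executed code; validation has to happen before evaluation, which is what a grammar-restricted parser provides.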