- From: Mark Baker <distobj@acm.org>
- Date: Thu, 22 Dec 2005 15:53:27 -0500
- To: Bill de hÓra <dehora@eircom.net>
- Cc: www-tag@w3.org
On 12/22/05, Bill de hÓra <dehora@eircom.net> wrote:
> I've been following this thread, and believing myself to be in target
> audience for such principles. I guess my question is this: why would I
> follow this principle?

I was thinking the same thing too, and noticed that - just to pick one
important consideration - there's no discussion of the security
implications of Turing-complete or near-Turing-complete languages.

As a topical example, JSON[1] - a subset of Javascript used as a data
exchange format for many "AJAX" apps - is generating a lot of buzz,
and there's been some issue with some consumers simply eval()-ing JSON
data[2][3], despite the fact that what's exchanged could be arbitrary
Javascript, with all the security implications that entails.

Some food for thought...

[1] http://www.crockford.com/JSON/
[2] http://www.crockford.com/JSON/js.html
[3] http://en.wikipedia.org/wiki/JSON

Mark.
--
Mark Baker. Ottawa, Ontario, CANADA. http://www.markbaker.ca
Coactus; Web-inspired integration strategies http://www.coactus.com
Received on Thursday, 22 December 2005 20:55:28 UTC
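
The eval() concern raised in the message above, shown as an added example that is not part of the original message: the same response text is handed to an eval()-based consumer and to a data-only parser. The function names, `demoLog` and both payloads are constructed for illustration, and the code assumes a runtime with a native `JSON.parse` (ES5 or later).

```javascript
// Added example: names and payloads are hypothetical, constructed for illustration.

// Records whether code embedded in a "data" payload actually ran.
globalThis.demoLog = [];

// The pattern the message describes: treat the response text as JavaScript.
function consumeWithEval(text) {
  return eval("(" + text + ")");
}

// Data-only parsing: JSON.parse accepts the JSON grammar and nothing else,
// so any expression in the text is a syntax error instead of executed code.
function consumeStrict(text) {
  try {
    return { ok: true, value: JSON.parse(text) };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// Constructed inputs. The second one is a valid JavaScript object literal
// but not valid JSON: one value is an expression with a side effect.
const wellFormed = '{"user":"alice","count":3}';
const notJustData =
  '{"user":"alice","count":(globalThis.demoLog.push("code ran"),3)}';

function runDemo() {
  globalThis.demoLog.length = 0;

  const evalGood = consumeWithEval(wellFormed);
  const evalBad = consumeWithEval(notJustData);
  const ranUnderEval = globalThis.demoLog.length;

  const strictGood = consumeStrict(wellFormed);
  const strictBad = consumeStrict(notJustData);
  const ranUnderStrict = globalThis.demoLog.length - ranUnderEval;

  return { evalGood, evalBad, ranUnderEval, strictGood, strictBad, ranUnderStrict };
}

console.log(runDemo());
```

The eval() consumer returns an identical-looking object for both inputs, so nothing in the result tells it that the embedded expression executed; the strict consumer rejects the second input outright.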