commons-dev mailing list archives

From Mario Ivankovits <ma...@ops.co.at>
Subject Re: [configuration] JSON format
Date Tue, 08 Apr 2008 09:33:05 GMT
Hi!
>> JSON is a subset of Javascript,
>> so we can use a simple call "eval()" to parse the configuration file.
Wouldn't that be dangerous for something like "script injection"?
One might be able to pass in a faked JSON string with some code in there
which will be executed on eval() then, no?

Ciao,
Mario
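
The concern raised in this message, shown as an added example that is not part of the original post or of Commons Configuration: the same "faked JSON string" is run through `eval()` and through `JSON.parse`. The names `appState`, `parseConfigWithEval`, `parseConfigStrict` and both input strings are constructed for illustration.

```javascript
// Added example; all names and sample inputs are constructed for illustration.

// Stand-in for application state that configuration data must never modify.
const appState = { adminMode: false };

// The approach from the quoted text: treat the file as JavaScript and evaluate it.
function parseConfigWithEval(text) {
  // Parentheses make a leading "{" parse as an object literal, not a block.
  return eval("(" + text + ")");
}

// Data-only parsing: JSON.parse accepts the JSON grammar and nothing else.
function parseConfigStrict(text) {
  try {
    return { ok: true, value: JSON.parse(text) };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// Constructed inputs: a well-formed config, and a "faked JSON string" whose
// property value is a function call expression instead of a JSON value.
const goodConfig = '{"port": 8080, "debug": false}';
const fakedConfig =
  '{"port": (function () { appState.adminMode = true; return 8080; })()}';

function demo() {
  appState.adminMode = false;

  // Strict parsing: the good file loads, the faked one is rejected unexecuted.
  const strictGood = parseConfigStrict(goodConfig);
  const strictFaked = parseConfigStrict(fakedConfig);
  const stateAfterStrict = appState.adminMode;

  // eval: the faked file "loads" and its embedded code has already run.
  const evalPort = parseConfigWithEval(fakedConfig).port;
  const stateAfterEval = appState.adminMode;

  return { strictGood, strictFaked, stateAfterStrict, evalPort, stateAfterEval };
}

console.log(demo());
```

With `eval()` the returned object looks like an ordinary configuration (`port` is 8080), so nothing in the parsed result reveals that code from the file ran.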

