[Catalyst] implementing ajax

Jonathan Rockway jon at jrock.us
Wed Mar 12 16:12:25 GMT 2008


* On Wed, Mar 12 2008, Matt Pitts wrote:
> The main reason against JSON for me is security. Something that can be
> eval'd is very dangerous and I'm sure we're all aware of the cross-site
> vulnerabilities that take advantage of JSON returned data.

Don't parse JSON with eval.  Use a parser.  (How do you think Perl
parses JSON?)

It's a code vs. data issue.  Yes, evalling code is dangerous.  So don't
do that.  Treat your data as data and you won't have a problem.

Regards,
Jonathan Rockway

-- 
print just => another => perl => hacker => if $,=$"
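A worked illustration of the code-versus-data point above, added here as an example and not code from the thread or from Catalyst itself. It runs stand-alone under Node.js; the response bodies, the field names `status`/`items`, and the function `pwned` are all constructed for the demonstration. The same response is fed once to `eval()` (which treats it as a program) and once to `JSON.parse` (native in modern browsers and Node; in 2008 the equivalent was Crockford's json2.js), which accepts only the JSON grammar.

```javascript
// Added example (not from the original thread): a JSON response must be
// parsed, not eval'd.  The "responses" are constructed strings standing in
// for an XMLHttpRequest body.

// Constructed: a legitimate JSON response an AJAX action might return.
const GOOD_RESPONSE = '{"status":"ok","items":[1,2,3]}';

// Constructed: what a spoofed or compromised endpoint could return.  It is a
// valid JavaScript object literal containing a function call, but not JSON.
let sideEffects = 0;
function pwned() { sideEffects += 1; return "injected"; }   // hypothetical attacker payload
const EVIL_RESPONSE = '{"status": pwned(), "items": [1,2,3]}';

// Unsafe: the classic eval('(' + text + ')') idiom treats the body as code,
// so anything the body contains is executed with the page's privileges.
function parseWithEval(body) {
  return eval("(" + body + ")");
}

// Safe: JSON.parse accepts only the JSON grammar.  A call, an identifier or
// any other expression is a SyntaxError and is never executed.
function parseWithParser(body) {
  return JSON.parse(body);
}

// Treating the body as data also lets us validate its shape before use, so a
// syntactically valid but wrong-for-this-endpoint document is rejected too.
function decodeStatusResponse(body) {
  let data;
  try {
    data = JSON.parse(body);
  } catch (e) {
    return { ok: false, reason: "not JSON: " + e.name };
  }
  if (typeof data !== "object" || data === null || Array.isArray(data)) {
    return { ok: false, reason: "expected an object" };
  }
  if (typeof data.status !== "string" || !Array.isArray(data.items)) {
    return { ok: false, reason: "unexpected shape" };
  }
  return { ok: true, status: data.status, items: data.items };
}

// Run both decoders over the hostile body and report what happened.
function demo() {
  const viaEval = parseWithEval(EVIL_RESPONSE);        // runs pwned()
  let viaParser;
  try {
    viaParser = parseWithParser(EVIL_RESPONSE);
  } catch (e) {
    viaParser = e.name;                                // "SyntaxError"
  }
  return { evalStatus: viaEval.status, sideEffects, parserResult: viaParser };
}

console.log(demo());
```

The eval path returns a perfectly ordinary-looking object whose `status` field was produced by running attacker-supplied code; the parser path refuses the document outright. Note that a parser only settles the code/data question: the decoded data still has to be checked against what the endpoint is supposed to return, which is what `decodeStatusResponse` adds.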
