[Catalyst] implementing ajax
Jonathan Rockway
jon at jrock.us
Wed Mar 12 16:12:25 GMT 2008
* On Wed, Mar 12 2008, Matt Pitts wrote:

> The main reason against JSON for me is security. Something that can be
> eval'd is very dangerous and I'm sure we're all aware of the cross-site
> vulnerabilities that take advantage of JSON returned data.

Don't parse JSON with eval. Use a parser. (How do you think Perl
parses JSON?)

It's a code vs. data issue. Yes, evalling code is dangerous. So don't
do that. Treat your data as data and you won't have a problem.

Regards,
Jonathan Rockway

--
print just => another => perl => hacker => if $,=$"
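
Added example, not part of the original message: the code vs. data distinction from the reply above, shown on the client side in JavaScript. The function names and both response bodies are constructed for illustration; the second body is deliberately not valid JSON.

```javascript
// UNSAFE (the approach the thread warns against): the response body is
// treated as JavaScript source, so any expression inside it is executed.
function parseWithEval(text) {
  return (0, eval)("(" + text + ")"); // indirect eval, runs in global scope
}

// SAFE: the response body is treated as data. JSON.parse accepts only the
// JSON grammar, so assignments, calls and parentheses are syntax errors
// and nothing in the text is ever executed.
function parseAsData(text) {
  try {
    return { ok: true, value: JSON.parse(text) };
  } catch (err) {
    return { ok: false, error: err.message };
  }
}

// Constructed inputs: one well-formed document, and one "response" that
// is really code with a harmless, observable side effect.
const goodBody = '{"user": "alice", "roles": ["editor"]}';
const codeBody =
  '{"user": "alice", "roles": (globalThis.sideEffectRan = true, [])}';

function demo() {
  globalThis.sideEffectRan = false;

  const safeGood = parseAsData(goodBody); // parsed normally
  const safeCode = parseAsData(codeBody); // rejected as a syntax error
  const ranAfterParser = globalThis.sideEffectRan;

  parseWithEval(codeBody); // the embedded expression runs here
  const ranAfterEval = globalThis.sideEffectRan;

  globalThis.sideEffectRan = false; // reset the marker
  return { safeGood, safeCode, ranAfterParser, ranAfterEval };
}

console.log(demo());
```

The parser rejects the second body outright, while eval accepts it and runs the embedded expression before returning an object that looks legitimate.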