[geeklog-devel] Updated proposal for GSOC

Anthony Rowles aqrowles at gmail.com
Tue Mar 30 16:18:22 EDT 2010


On Tue, Mar 30, 2010 at 3:56 PM, Abhishek Shrivastava
<abhi.nitt at gmail.com> wrote:
>
> json.org have released a so-called "JSON parser" in the public domain.
> It also uses eval() at its core, but it applies filters beforehand to
> reject all the JavaScript code in the input and only accept JSON
> syntax. http://www.json.org/json2.js
> I think we can use this code to boost our json security. However,
> before deploying it, I would like to go through the code and write
> test-cases to ensure it doesn't have any bugs because the author takes
> no guarantee! :|

One thing to note is that as of 1.4.1, jQuery's parseJSON() function
uses the native JSON support in newer browsers (fast, safe, no eval),
and falls back to json.org's "safe" JSON parser in older browsers.

- Tony
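
Added example, not part of the original messages and not code from jQuery or json.org: a sketch of the native-first parse with a filtered fallback described in this thread, with test inputs of the kind the quoted message proposes writing. The function names, the `nativeJSON` parameter and the sample inputs are assumptions of this example; the filter expressions are modelled on the json2.js approach of collapsing values and rejecting anything left over that is not JSON punctuation.

```javascript
// Added example. isJsonShaped() and parseJSONSafe() are hypothetical names.

// Step 1: collapse valid escape sequences so a backslash cannot hide a quote.
const ESCAPES = /\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g;
// Step 2: collapse every simple value (string, literal, number) to "]".
const TOKENS = /"[^"\\\n\r]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g;
// Step 3: drop open brackets that follow the start, a colon or a comma.
const OPEN_BRACKETS = /(?:^|:|,)(?:\s*\[)+/g;
// Whatever remains must be JSON punctuation and whitespace only.
const PUNCTUATION_ONLY = /^[\],:{}\s]*$/;

// True when the text contains nothing except JSON tokens. This is a
// "no executable code" filter, not a full grammar check: "[1,]" passes.
function isJsonShaped(text) {
  if (typeof text !== "string" || text === "") return false;
  const residue = text
    .replace(ESCAPES, "@")
    .replace(TOKENS, "]")
    .replace(OPEN_BRACKETS, "");
  return PUNCTUATION_ONLY.test(residue);
}

// Prefer the native parser (no eval). Only when it is absent, evaluate the
// text, and only after the filter has accepted it.
function parseJSONSafe(text, nativeJSON = globalThis.JSON) {
  if (nativeJSON && typeof nativeJSON.parse === "function") {
    return nativeJSON.parse(text);
  }
  if (!isJsonShaped(text)) throw new SyntaxError("Invalid JSON");
  return new Function("return (" + text + ")")();
}

// Constructed sample inputs: two JSON documents, then three script-like strings.
const SAMPLES = [
  '{"a":[1,2,{"b":null}]}',
  '{"k":"a\\"b"}',
  "alert(1)",
  '{"a": (function(){return 1})()}',
  '{"a": "x" + document.cookie}',
];

// Filter verdict for each constructed sample, in order.
function filterReport() {
  return SAMPLES.map(isJsonShaped);
}
```

Passing `null` as the second argument simulates an older browser without native JSON, which exercises the fallback path.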


