Douglas Crockford douglas at
Fri Apr 13 13:22:41 PDT 2007

The only complaints I have received about json.js is
that the methods are not dontenum. That will be fixed
as a result of the current effort.

I don't see that the level of danger here is anything
to worry about. A JSON receiver will not be corrupted
should someone accidently miscode a toJSONString
method. Such accidents are unlikely because the
default methods are right and the method is easy to

If we are concerned about intentional misencodings,
then the focus of worry is entire misplaced. A toJSON
interface allows falsification of data, which is a
much bigger problem. And the current nature of
JavaScript and the DOM provide absolutely no defense
against malicious code, should it get on the page.

More information about the Es4-discuss mailing list