Comments to the JSON related proposals

zwetan zwetan at gmail.com
Sun Aug 19 12:08:12 PDT 2007


On 8/19/07, Simon Bünzli <zeniko at gmail.com> wrote:
[...]
>
> And as I said: I'd prefer a blacklist to a whitelist as IME the use
> cases for a whitelist will rather require context (e.g. type and number
> of children) opposed to a blacklist for just getting rid of extensions
> to Object.prototype or temporary keys.
>

would not a whitelist
"disallow everything except N in this list"
be more secure than a blacklist
"allow everything except N in this list" ?

not that is that much important with JSON
as you can have only one local context,
but still for some peope willing to extend JSON
to more than "one local context",
a whitelist would be prefered imho.

zwetan


More information about the Es4-discuss mailing list