Pseudo-JSON with unquoted property names
Mark S. Miller
erights at google.com
Fri Jun 5 17:31:09 PDT 2009
On Fri, Jun 5, 2009 at 5:07 PM, Brendan Eich <brendan at mozilla.org> wrote:
> Do Doug and Mark share your risk-of-perpetuating-eval analysis?
I think the logic of David-Sarah's argument is sound, but I do not agree
with the conclusions. The security of those who do switch to the new JSON
API is unaffected by the continued use of eval by others. Given the sparsity
of examples found so far, I'd guess that most of those who continue to use
eval for the reasons David-Sarah mentions will continue to use eval even if
we change JSON to operate as he suggests. There's really not much we can do
to improve the security of code that isn't maintained.