Re: [cgiapp] [OT] Anyone using JSON::XS to output to a web page?

2008-10-13 Thread Michael Peters 

Peter Karman wrote:


I believe using eval directly has security issues.


Only if you don't trust your data source. If you control the JSON coming in, then it's not a problem 
to use eval, and in fact, it's much faster. But if you don't control the data source, then yes use 
something else. In this case it sounds like the OP controls his data source since he's having 
problems sending it.


--
Michael Peters
Plus Three, LP


#  CGI::Application community mailing list  
####
##  To unsubscribe, or change your message delivery options,  ##
##  visit:  http://www.erlbaum.net/mailman/listinfo/cgiapp##
####
##  Web archive:   http://www.erlbaum.net/pipermail/cgiapp/   ##
##  Wiki:  http://cgiapp.erlbaum.net/ ##
####

Re: [cgiapp] [OT] Anyone using JSON::XS to output to a web page?

2008-10-13 Thread Ron Savage 
Hi Michael

On Mon, 2008-10-13 at 12:14 -0400, Michael Peters wrote:
 Peter Karman wrote:
 
  I believe using eval directly has security issues.
 
 Only if you don't trust your data source. If you control the JSON coming in, 
 then it's not a problem 
 to use eval, and in fact, it's much faster. But if you don't control the data 
 source, then yes use 
 something else. In this case it sounds like the OP controls his data source 
 since he's having 
 problems sending it.

Right. I am generating the JSON, I'm glad to say...

Nevertheless, since I'm using the Yahoo JS libs, I decided to accept
Peter's suggestion and use their wrapper around eval:

http://developer.yahoo.com/yui/json/

-- 
Ron Savage
[EMAIL PROTECTED]
http://savage.net.au/index.html



#  CGI::Application community mailing list  
####
##  To unsubscribe, or change your message delivery options,  ##
##  visit:  http://www.erlbaum.net/mailman/listinfo/cgiapp##
####
##  Web archive:   http://www.erlbaum.net/pipermail/cgiapp/   ##
##  Wiki:  http://cgiapp.erlbaum.net/ ##
####