On Wed, Mar 12, 2008 at 6:47 AM, Matt Pitts <[EMAIL PROTECTED]> wrote: > I'm going to have to be the red-headed stepchild that advocates XML... >
> The main reason against JSON for me is security. Something that can be > eval'd is very dangerous and I'm sure we're all aware of the cross-site > vulnerabilities that take advantage of JSON returned data. The one thing > that's always mentioned as total failsafe against it is to *not* use > JSON as your returned data structure. > Right... but eval'ing JSON is the same as eval'ing any other code. A bad idea. Instead, take a look at json.org/json2.js This handles serialization into JSON without using inappropriate evals. JSON, like all things, can be done right or wrong. There are pros and cons to each, but saying JSON is inferior due to security is a strawman argument. > As far as parsing the XML, that's why I use ExtJS. I can define a Store > and use XPath to map Record fields to my XML data - ExtJS does the rest. > It's a bit like having a Model of my data on the client side. > The ExtJS stores are very nice, so is the grid. I like vanilla YUI for most things, but for a rich UI ExtJS really does well. -J -- J. Shirley :: [EMAIL PROTECTED] :: Killing two stones with one bird... http://www.toeat.com _______________________________________________ List: [email protected] Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/[email protected]/ Dev site: http://dev.catalyst.perl.org/
