Hi David,
On Jan 5, 2006, at 11:41 AM, David Janes -- BlogMatrix wrote:
Justin Maxwell wrote:
This is an interesting approach. However, I can't even consider
using it. How can exploiting browser flaws to bypass necessary
security measures provide a permanent, dependable solution to
anything?
You're free not to use it, of course.
Thanks. :-)
I do agree JSON has some useful ideas we should consider in the
general AHAH context, but there is also value in bringing AHAH ideas
into the JSON community, for which you deserve credit.
My personal prediction, take that for what it is worth, is that this
"hole" will not be filled -- it is too useful. The most severe form
of cross-domain hijacking -- being able to control, manipulate, and
modify an IFRAME -- doesn't have techniques that translate into
JSON/SCRIPT loading.
Interesting. I presume others have raised the security concerns with
JSON before -- do you have a URL that goes into them?
Most web users run Javascript from all over the place now -- every
time you visit a web page in fact, mostly. The biggest concern is
for content providers that "can I trust a web service being
provided over JSON". If you're doing e-commerce, probably not. If
you're a weblog or static web page displaying data, probably.
I will state this: if JSON is not for you (i.e. some generic person
out there), JAHAH isn't either.
Hmm. Let me see if I follow this logic:
* JavaScript implementations will only be inside the browser (and thus
via XMLHttpRequest), which limits them to a) the browser b) the same
domain, greatly limiting chance for mischance.
* Non-browser web service implementations will generally use other
languages to explicitly parse JSON, and thus not be exposed to the
security risk.
Is that more-or-less what you're getting at?
As I said, JSON is out there now and coming into widespread
deployment,
To be sure, I've heard a lot about it, but not looked at it before.
I dare say plists and YAML both still have larger user communities,
though probably not among JavaScript developers. The big question is
whether any of these gains sufficient 'critical mass' to become a
dominant standard.
Certainly, it is noteworthy that a lot of different people are
rebelling against XML as the default encoding, so there is some
"there" there to be exploited.
it's not something that me and a couple of guys down at the pub
invented last weekend :-).
For the record, XOXO-as-YAML was actually invented last *month*, and
at an Indian restaurant, not a pub, so there. ;-)
-- Ernie P.
_______________________________________________
microformats-rest mailing list
[email protected]
http://microformats.org/mailman/listinfo/microformats-rest
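
The thread contrasts loading JSON through a SCRIPT element with explicitly parsing it as data. The following is an added example, not part of the original messages: the function names and sample responses are constructed, and `new Function` stands in for the browser executing a loaded script.

```javascript
// Constructed sample responses from a hypothetical third-party provider.
const HONEST_SCRIPT = 'callback({"title": "hello"});';
const HOSTILE_SCRIPT =
  'callback({"title": "hello"}); page.session = "changed by provider";';
const HOSTILE_JSON = '{"title": "hello"}; page.session = "changed by provider"';

// Hypothetical page state that the consumer cares about.
function newPage() {
  return { session: 'user-session', data: null, error: null };
}

// SCRIPT-style loading: whatever text the provider returns is executed as
// code, with the same access to page state as the page's own scripts.
function loadAsScript(body) {
  const page = newPage();
  const callback = (d) => { page.data = d; };
  new Function('page', 'callback', body)(page, callback);
  return page;
}

// Explicit parsing: the text is accepted only if it is pure JSON data.
// Anything that is not data is rejected and nothing from it is executed.
function loadAsData(body) {
  const page = newPage();
  try {
    page.data = JSON.parse(body);
  } catch (err) {
    page.error = err.name;
  }
  return page;
}

console.log('script, honest :', loadAsScript(HONEST_SCRIPT));
console.log('script, hostile:', loadAsScript(HOSTILE_SCRIPT));
console.log('parsed, hostile:', loadAsData(HOSTILE_JSON));
```

With script loading the consumer's only control is whether it trusts the provider; with explicit parsing the provider can supply wrong data but cannot run code in the page.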