Hi David, On Jan 5, 2006, at 12:01 PM, David Janes -- BlogMatrix wrote:
... I'm willing to put technology out there that exploits a hole -- or rather "hole", as I think of it. If it JSON/JSONP/JAHAH take off, it's actually easy to add a security bridge within the browser: only allow pure string/dictionary/list/number/basic type definitions to be made on a cross-site script load.
I think the counter-argument to this is that, rather than requiring a security-sniffer to evaluate malicious code for security-safeness before 'actual' evaluation, far better to use a declarative data format and build a rigorous parser into the default library. No?
-- Ernie P. P.S. Ouch, did I really use that many buzzwords in one sentence? _______________________________________________ microformats-rest mailing list [email protected] http://microformats.org/mailman/listinfo/microformats-rest
