> You're welcome to whatever philosophy you choose to hold to, but > unless this change will also address the security issue identified, > it's a complete non-starter ;) >
Of course < and > should be encoded- but they should be encoded per the spec, as \u003C' and '\u003E', respectively. They are currently encoded as '\074' and '\076', which doesn't comply with any JSON specification that I'm aware of. All I'm advocating for is valid JSON- I thought that was the Core team's position now as well, since they finally addressed the key-quoting issue in http://dev.rubyonrails.org/changeset/7697 Am I wrong about that? - D -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/rubyonrails-core?hl=en -~----------~----~----~----~------~----~------~--~---
