This has worried me also.
The problem is that the JSON load could be included in a rogue web
page by using a script tag. Since the author of this page has total
control of what he will display, he can subvert the JavaScript
interpreter to run whatever he likes when the JSON object is executed
code for two reasons. a) It
generates an error (script hangs) on the malicious site. b) If a
string contains the characters */, it would escape out of the
safeguard with the commenting solution.
On 4/3/07, Victor Bogado [EMAIL PROTECTED] wrote:
This has worried me also.
The problem
, but this doesn't make it safe. Leaking data is not cool, and
we all know that web 2.0 is supposed to be cool kid. :-D
On Apr 3, 3:56 pm, Bob Ippolito [EMAIL PROTECTED] wrote:
On 4/3/07, Victor Bogado [EMAIL PROTECTED] wrote:
That paper is very misleading. It doesn't really have anything to do