Re: [mochikit] JSON.parse MochiKit.Base.evalJSON
On Sat, Nov 28, 2009 at 2:18 PM, Per Cederberg cederb...@gmail.com wrote: I just tried to modify MochiKit.Base.evalJSON() to use the new JSON.parse() function when available. This would give us the following advantages: 1. Speed (but, well... eval() is probably fast enough already) 2. Security Unfortunately we would also get a nasty regression issue due to the stricter syntax enforcement in JSON.parse() vs. eval(). None of the apps we've written depend on the capability to parse invalid JSON, so it wouldn't bother me. -bob -- You received this message because you are subscribed to the Google Groups MochiKit group. To post to this group, send email to mochi...@googlegroups.com. To unsubscribe from this group, send email to mochikit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/mochikit?hl=en.
[mochikit] JSON.parse MochiKit.Base.evalJSON
I just tried to modify MochiKit.Base.evalJSON() to use the new JSON.parse() function when available. This would give us the following advantages: 1. Speed (but, well... eval() is probably fast enough already) 2. Security Unfortunately we would also get a nasty regression issue due to the stricter syntax enforcement in JSON.parse() vs. eval(). It seems that at least the Firefox parser doesn't accept constructs like these: { a: 1 } since the correct JSON syntax would be: { a: 1 } Hmm... So what to do? Just skip this altogether? And add a note in the docs that people should use JSON.parse() themselves if worried about security or speed? Any thoughts are welcome. Cheers, /Per -- You received this message because you are subscribed to the Google Groups MochiKit group. To post to this group, send email to mochi...@googlegroups.com. To unsubscribe from this group, send email to mochikit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/mochikit?hl=en.