On 8/9/07, Dell Sala <[EMAIL PROTECTED]> wrote:
>
> json.org provides a json decoder for javascript. I've always used
> this instead of eval. This will only parse the json subset, and will
> fail for other arbitrary javascript.
>
> http://www.json.org/js.html
> http://www.json.org/json.js
>

That script makes it _much_ safer to parse untrusted json, and if
there was any way to exploit it at all, someone would have found it by
now.... but it still uses eval().

--
Chris Snyder
http://chxo.com/
_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk

NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com

Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php
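
Added example, not part of the original thread and not the json.org script: it contrasts eval()-based decoding with a parser that accepts only the JSON grammar, using the JSON.parse built into current JavaScript engines. The names touch, decodeWithEval, decodeStrict and compare are hypothetical, and every input string is constructed for illustration.

```javascript
// Counts code that ran as a side effect of decoding untrusted text.
let sideEffects = 0;

// Hypothetical stand-in for any function reachable from evaluated input.
globalThis.touch = () => { sideEffects++; return 1; };

// The pattern the thread warns about: the text is evaluated as a
// JavaScript expression, so anything that is valid JavaScript will run.
function decodeWithEval(text) {
  return eval('(' + text + ')');
}

// Strict decoding: only the JSON grammar is accepted and the input is
// never executed. Anything else is reported as a parse failure.
function decodeStrict(text) {
  try {
    return { ok: true, value: JSON.parse(text) };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// Decode the same text both ways and record whether evaluation ran code.
function compare(text) {
  const before = sideEffects;
  let evalResult;
  try {
    evalResult = { ok: true, value: decodeWithEval(text) };
  } catch (err) {
    evalResult = { ok: false, error: err.name };
  }
  return {
    evalResult,
    ranCode: sideEffects > before,
    strict: decodeStrict(text),
  };
}

// Constructed sample inputs.
const samples = [
  '{"user": "alice", "admin": false}',    // valid JSON
  '{"user": "alice", "admin": touch()}',  // JavaScript expression, not JSON
  "{'user': 'alice'}",                    // JS object literal, not JSON
];
for (const s of samples) {
  console.log(s, JSON.stringify(compare(s)));
}
```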