On 12/10/08, Jorge Vargas <[EMAIL PROTECTED]> wrote: > > On Wed, Dec 10, 2008 at 2:55 AM, Christoph Zwerschke <[EMAIL PROTECTED]> > wrote: >> >> Jorge Vargas schrieb: >>> top level array is invalid json! >>> >>> from the super simple spec here json.org you can see that the top >>> level must always be a JS object which means at least one key which >>> means always a python dict. >> >> Where do you get that from json.org? The text is a bit vague, but the >> sentence "JSON is built on two structures" seems to imply that both are >> allowed. See also rfc4627 which explicitly says: >> >> A JSON text is a serialized object *or* array. >> > if you follow the diagram on the right, the top level element is > object which contains members where each member is a pair where the > key is always a string. > On the other hand array is always a right side symbol which can only > be a value, therefore the rule for pair forces it to be always a > value, and never a top level. > > That is of course assuming that's a grammar in BNF which I think it is. > > on the other hand I just tried this and it worked. > on py2.5 >>>> simplejson.dumps(range(4)) > '[0, 1, 2, 3]' > > so now I'm confused.
The specification I also think allows arrays, but as Mark mentioned this is exploitable in an ajax situation: http://bob.pythonmac.org/archives/2007/04/05/fortify-javascript-hijacking-fud/ Cheers, Daniel -- Psss, psss, put it down! - http://www.cafepress.com/putitdown --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "TurboGears Trunk" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/turbogears-trunk?hl=en -~----------~----~----~----~------~----~------~--~---
