@computionist @bascule For many, the benefits are somewhat abstract, until they get XSSed, whereas costs are real and immediate.
@jcoglan @computionist my main concern here would be "attacker controlled data" not sure what else even matters in that context
@bascule @computionist So then you need to further prove the JSON doc contains expected types of things before processing it.
@jcoglan @computionist full recognition before processing or GTFO
@bascule @computionist Languages, parsers and encoders all the way down.
@bascule @computionist > the user might craft the properties of that doc to exploit your system.
@bascule @computionist Also the notion of 'trustedness' goes beyond strings. You might prove a Blob contains a JSON doc, but >
@bascule @computionist Which, you can type user input as Blob, and specify how Blobs get encoded in different contexts.
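The two ideas the thread circles around, "type user input as Blob and pick the encoder per output context" and "fully recognize the JSON document, including field types, before processing it", fit in one small Python sketch. This is an added example, not code from any participant in the thread; the `Blob`, `Comment`, `recognize_comment` and `render_comment_html` names and the sample inputs are all constructed for illustration.

```python
import html
import json
from dataclasses import dataclass
from typing import Any


class Blob:
    """Opaque wrapper for attacker-controlled bytes (constructed for this example).

    There is deliberately no context-free str form: the only ways out are
    encoders that name the output context, or a recognizer that parses the
    whole document into a typed value.
    """

    def __init__(self, raw: bytes) -> None:
        self._raw = raw

    def encode_for_html_text(self) -> str:
        # Strict UTF-8 decode (invalid bytes are rejected), then escape for an HTML text node.
        return html.escape(self._raw.decode("utf-8", errors="strict"), quote=True)

    def encode_for_json_string(self) -> str:
        # Emit a JSON string literal that can be spliced into a JSON document.
        return json.dumps(self._raw.decode("utf-8", errors="strict"))

    def parse_json(self) -> Any:
        # Returns the raw parsed tree; callers must still validate its shape.
        return json.loads(self._raw.decode("utf-8", errors="strict"))

    def __str__(self) -> str:
        raise TypeError("Blob has no context-free string form; choose an encoder")


@dataclass(frozen=True)
class Comment:
    """Typed result of recognition; downstream code only ever sees this."""
    author: str
    body: str
    rating: int


class RecognitionError(ValueError):
    pass


def recognize_comment(blob: Blob) -> Comment:
    """Full recognition before processing: parse the entire document, then check
    the top-level type, the exact key set, every field's type and value range."""
    try:
        doc = blob.parse_json()
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise RecognitionError(f"not a JSON document: {exc}") from None
    if not isinstance(doc, dict):
        raise RecognitionError("top level must be a JSON object")
    expected = {"author": str, "body": str, "rating": int}
    if set(doc) != set(expected):
        raise RecognitionError(f"unexpected keys: {sorted(set(doc) ^ set(expected))}")
    for key, typ in expected.items():
        # bool is a subclass of int in Python, so reject it explicitly.
        if not isinstance(doc[key], typ) or isinstance(doc[key], bool):
            raise RecognitionError(f"field {key!r} is not {typ.__name__}")
    if not 0 <= doc["rating"] <= 5:
        raise RecognitionError("rating out of range")
    return Comment(author=doc["author"], body=doc["body"], rating=doc["rating"])


def is_rejected(raw: bytes) -> bool:
    """True if the recognizer refuses the document."""
    try:
        recognize_comment(Blob(raw))
    except RecognitionError:
        return True
    return False


def render_comment_html(c: Comment) -> str:
    """The HTML sink: re-wrap the strings as Blobs and encode for the text-node context."""
    author = Blob(c.author.encode()).encode_for_html_text()
    body = Blob(c.body.encode()).encode_for_html_text()
    return f'<div class="comment"><b>{author}</b> ({c.rating}/5): {body}</div>'


# Constructed sample inputs (not taken from the thread).
GOOD = b'{"author": "alice", "body": "nice <b>post</b>", "rating": 4}'
BAD_TYPE = b'{"author": "alice", "body": ["not", "a", "string"], "rating": 4}'
EXTRA_KEY = b'{"author": "alice", "body": "x", "rating": 4, "admin": true}'
NOT_JSON = b"<html>"

if __name__ == "__main__":
    print(render_comment_html(recognize_comment(Blob(GOOD))))
    for sample in (BAD_TYPE, EXTRA_KEY, NOT_JSON):
        print(sample, "rejected:", is_rejected(sample))
```

The point of the design is that the recognizer is the only place where a `Blob` becomes application data, and every sink names its context when it asks for a string; a document that parses as JSON but carries the wrong keys or types never reaches `render_comment_html` at all.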