@mik235 @sleevi_ @kebesays @AlecMuffett that particular property of JSON is definitely a LANGSEC violation...
-
-
@bascule@sleevi_@kebesays@AlecMuffett I thought that was covered by the "XML is awful, but" part =) -
@bascule@sleevi_@kebesays@AlecMuffett you could get code exec by using javascript eval() for json. Or unpickling a function object, ... -
@mik235 inside the browser, as opposed to on a server? Unless you mean Node in which case lolololol Node -
@bascule I'm just saying that the biggest problems seem to be because a couple of particular (popular) parsers is crap -
@bascule you don't need to support external entities in an XML parser at all. Or recursive entities. -
@mik235 that isn’t the problem. The problem is people don’t realize you need to shut them off -
@bascule yeah, agreed there. But what if you *want* that feature? So either we have less general file formats or less useful. -
@mik235 if you want that feature, don’t use JSON ;)
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.