yes, security is another issue. thanks for pointing that. just forget my idea.
On Tue, Apr 8, 2008 at 5:42 PM, Jörg Schaible
<[EMAIL PROTECTED]> wrote:
> Mario Ivankovits wrote:
> > Hi!
> >>> JSON is a subset of Javascript,
> >>> so we can use a simple call "eval()" to parse the
> > configurat
I haven't considered all things. You are right. We also have to
support Java 1.x. Forget my idea :)
On Tue, Apr 8, 2008 at 5:28 PM, Emmanuel Bourg <[EMAIL PROTECTED]> wrote:
> This is an interesting idea and could be a way to provide quickly an initial
> implementation of the JSON format. However
Mario Ivankovits wrote:
> Hi!
>>> JSON is a subset of Javascript,
>>> so we can use a simple call "eval()" to parse the
> configuration file.
> Wouldn't that be dangerous for something like "script injection"?
> One might be able to pass in a faked JSON string with some
> code in there
> which will
Hi!
>> JSON is a subset of Javascript,
>> so we can use a simple call "eval()" to parse the configuration file.
Wouldn't that be dangerous for something like "script injection"?
One might be able to pass in a faked JSON string with some code in there
which will be executed on eval() then, no?
Ciao
This is an interesting idea and could be a way to provide quickly an
initial implementation of the JSON format. However the scripting API is
only available in Java 6, and Commons Configuration 2.0 targets Java 5
(Commons Configuration 1.x is stuck with the Java 1.3 compatibility). In
the end we
This is an interesting idea and could be a way to provide quickly an
initial implementation of the JSON format. However the scripting API is
only available in Java 6, and Commons Configuration 2.0 targets Java 5
(Commons Configuration 1.x is stuck with the Java 1.3 compatibility). In
the end we
