[OT] is JSON all that great? - was Re: API Help
Grant Edwards
grant.b.edwards at gmail.com
Fri Jun 16 10:29:41 EDT 2017
On 2017-06-16, Ben Finney <ben+python at benfinney.id.au> wrote:
> alister <alister.ware at ntlworld.com> writes:
>
>> Json is designed to be legal Javascript code & therefore directly
>> executable so no parser is posible.
>
> JSON is designed to be *a strictly limited subset* of legal JavaScript
> that only defines data structures. The explicit goal is that it is
> statically parseable as non-executable data.
That doesn't mean that it's reasonable/acceptable practice to eval() a
string from an untrusted source because it _might_ be JSON.
--
Grant Edwards grant.b.edwards Yow! I brought my BOWLING
at BALL -- and some DRUGS!!
gmail.com
More information about the Python-list
mailing list