[OT] is JSON all that great? - was Re: API Help
Ben Finney
ben+python at benfinney.id.au
Fri Jun 16 10:37:27 EDT 2017
Grant Edwards <grant.b.edwards at gmail.com> writes:
> On 2017-06-16, Ben Finney <ben+python at benfinney.id.au> wrote:
> > JSON is designed to be *a strictly limited subset* of legal
> > JavaScript that only defines data structures. The explicit goal is
> > that it is statically parseable as non-executable data.
>
> That doesn't mean that it's reasonable/acceptable practice to eval() a
> string from an untrusted source because it _might_ be JSON.
Yes. We appear to be in firm agreement.
--
\ “It is always a silly thing to give advice, but to give good |
`\ advice is absolutely fatal.” —Oscar Wilde, _The Portrait of Mr. |
_o__) W. H._, 1889-07 |
Ben Finney
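
An added illustration of the point agreed on in this message, not code from the thread: a parser accepts only what the JSON grammar allows, while eval() runs whatever expression the string contains. The names `record_call`, `parse_with_eval` and `parse_untrusted` and both sample strings are hypothetical and constructed for this example.

```python
import json

# Constructed sample inputs (not taken from the thread).
VALID_JSON = '{"user": "alice", "roles": ["admin", "dev"], "active": true}'
# A legal Python expression that is not JSON: it contains a function call.
NOT_JSON = '{"user": record_call("side effect ran")}'

calls = []  # records every time code embedded in an input string actually ran


def record_call(msg):
    """Harmless stand-in for code an untrusted string could cause to run."""
    calls.append(msg)
    return msg


def parse_with_eval(text):
    """Anti-pattern: the string is executed as an expression, not parsed as data."""
    names = {"record_call": record_call, "true": True, "false": False, "null": None}
    return eval(text, names)


def parse_untrusted(text):
    """Parse text strictly as JSON data; raises ValueError for anything else."""
    return json.loads(text)  # json.JSONDecodeError is a subclass of ValueError


def demo():
    calls.clear()
    results = {"json_valid": parse_untrusted(VALID_JSON)}
    try:
        parse_untrusted(NOT_JSON)
        results["json_rejected"] = False
    except ValueError:
        results["json_rejected"] = True
    results["calls_after_json"] = list(calls)   # parser executed nothing
    parse_with_eval(NOT_JSON)
    results["calls_after_eval"] = list(calls)   # eval() ran the embedded call
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```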