Re: Security; AJAX; JSON; Satisfaction

sh1mmer — Wed, 02 Jul 2008 09:36:00 -0000

Valid JSON is an anonymous Javascript object. As such to be syntactically correct it requires assignment to a variable. This is why including raw JSON will create a syntax error.

Arrays on the other hand got a bit of syntactic sugar added to make anonymous arrays valid to allow for multidimensional arrays. This means including an unassigned array object is valid Javascript (but not JSON).

It should be noted though that 3rd party Javascript needs something like AdSafe or Caja to make it safe before you can consider using it on your page. 3rd party scripts can overload Object constructors or other functions to get access to private data.

Re: Security; AJAX; JSON; Satisfaction

nejucomo — Tue, 01 Jul 2008 22:51:27 -0000

This is surprising to me. I don't understand either why it doesn't parse, nor your explanation for why it does not parse.

Look at this Spider Monkey session:
js> {"foo": "bar"}
typein:156: SyntaxError: invalid label:
typein:156: {"foo": "bar"}
typein:156: ......^
js> {quz: "quux"}
quux
js> ({quack: "like a duck"}).quack
like a duck
js> ({quack: "like a duck", jump: "like a kangaroo"}).quack
like a duck
js> ({quack: "like a duck", jump: "like a kangaroo"}).jump
like a kangaroo
js> ({"boo": "like a ghost"}).boo
like a ghost
js> ({"boo": "like a ghost", "flash": "like a firefly"}).flash
like a firefly
js> {"boo": "like a ghost"}
typein:165: SyntaxError: invalid label:
typein:165: {"boo": "like a ghost"}
typein:165: ......^

-So to me it appears that there is some grammatical construct which I'm unfamiliar with interfering with the general grammar of object literals. Also, notice these work:

js> x={"boo": "foo"}
[object Object]
js> var y = {"boo": "foo"}
js> y
[object Object]

I guess the next step is to read the javascript grammar to understand what's happening here.

Kid666 Blog - Latest Comments in Security; AJAX; JSON; Satisfaction

Re: Security; AJAX; JSON; Satisfaction

Re: Security; AJAX; JSON; Satisfaction