Please create an account to participate in the Slashdot moderation system


Forgot your password?
Slashdot Deals: Cyber Monday Sale Extended! Courses ranging from coding to project management - all eLearning deals 20% off with coupon code "CYBERMONDAY20". ×

Comment Validation (Score 1) 142

Always validate what you run through eval()!

While not fool proof, making sure that what you got back from the server is JSON, and not a string of malicious code is paramount.

And guess what, such things already exist.

Granted, this doesn't prevent someone from embedding that same malicious code in valid object code that appears identical to what you expect as a server result, but its a huge step in the right direction.

"Of course power tools and alcohol don't mix. Everyone knows power tools aren't soluble in alcohol..." -- Crazy Nigel