
Comment: Validation (Score 1) 142

by jabberwocky_rt (#15068986) Attached to: Is Your AJAX App Secure?
Always validate what you run through eval()!

While not foolproof, making sure that what you got back from the server is JSON, and not a string of malicious code, is paramount.

And guess what, such things already exist.

Granted, this doesn't prevent someone from embedding that same malicious code in valid object code that appears identical to what you expect as a server result, but it's a huge step in the right direction.
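An added example, not part of the comment above: one way to apply the advice is to parse the reply with the native `JSON.parse` instead of `eval()`, then check the parsed value against the shape the page expects, which also narrows the "valid object, unexpected content" case the comment mentions. The function `parseReply`, the `{user, unread}` reply shape, and the sample strings are assumptions constructed for illustration.

```javascript
// Added example: treat a server reply as data, never as code.
// parseReply and the {user, unread} reply shape are hypothetical.

// Constructed sample replies (not taken from any real server).
const GOOD = '{"user": "alice", "unread": 3}';
const CODE = '({"user": "alice", "unread": (function () { return 3; })()})';
const WRONG_SHAPE = '{"user": {"toString": "x"}, "unread": "3"}';
const MARKUP = '{"user": "<b>alice</b>", "unread": 1}';

// Assumed rule for this example: user names are short and alphanumeric.
const USER_RE = /^[A-Za-z0-9_]{1,32}$/;

function parseReply(text) {
  let value;
  try {
    // JSON.parse accepts only the JSON grammar: no parentheses, function
    // calls or assignments. Text that eval() would execute fails here.
    value = JSON.parse(text);
  } catch (err) {
    return { ok: false, reason: "not JSON" };
  }

  // Valid JSON can still carry content the page never expected, so
  // check the top-level type, the exact key set, and each field.
  if (value === null || typeof value !== "object" || Array.isArray(value)) {
    return { ok: false, reason: "unexpected shape" };
  }
  const keys = Object.keys(value).sort().join(",");
  const fieldsOk =
    keys === "unread,user" &&
    typeof value.user === "string" &&
    USER_RE.test(value.user) &&
    Number.isInteger(value.unread) &&
    value.unread >= 0;
  if (!fieldsOk) {
    return { ok: false, reason: "unexpected shape" };
  }

  // Copy only the checked fields into a fresh object for the caller.
  return { ok: true, data: { user: value.user, unread: value.unread } };
}

for (const sample of [GOOD, CODE, WRONG_SHAPE, MARKUP]) {
  console.log(JSON.stringify(parseReply(sample)));
}
```

Strings that pass the check are still untrusted text when rendered, so they belong in `textContent` rather than `innerHTML`.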
