On 2017-06-16, Ben Finney <ben+pyt...@benfinney.id.au> wrote:
> alister <alister.w...@ntlworld.com> writes:
>
>> Json is designed to be legal Javascript code & therefore directly
>> executable so no parser is possible.
>
> JSON is designed to be *a strictly limited subset* of legal JavaScript
> that only defines data structures. The explicit goal is that it is
> statically parseable as non-executable data.

That doesn't mean that it's reasonable/acceptable practice to eval() a
string from an untrusted source because it _might_ be JSON.

-- 
Grant Edwards               grant.b.edwards        Yow! I brought my BOWLING
                                  at               BALL -- and some DRUGS!!
                              gmail.com            

-- 
https://mail.python.org/mailman/listinfo/python-list
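
The difference discussed in this message, shown as an added example that is not code from the thread: the same two strings are handed to `eval()` and to a JSON parser. The function names and both sample inputs are constructed for illustration.

```python
import json
import os

# Constructed inputs: a real JSON document, and a string that looks like a
# data literal but contains a function call (a harmless one here).
GOOD = '{"user": "alice", "admin": false}'
NOT_JSON = '{"user": "alice", "cwd": __import__("os").getcwd()}'

# Names someone would have to define to make JSON literals evaluate in Python.
JSON_NAMES = {"true": True, "false": False, "null": None}


def load_with_eval(text):
    """The practice warned against: evaluate the string, hoping it is JSON."""
    # eval() accepts any expression, so calls inside the string are executed.
    return eval(text, dict(JSON_NAMES))


def load_with_parser(text):
    """Treat the string as data only; reject anything outside the grammar."""
    def reject_constant(name):
        # json.loads accepts NaN/Infinity/-Infinity by default; standard
        # JSON does not, so refuse them as well.
        raise ValueError(f"non-standard constant {name}")
    try:
        return json.loads(text, parse_constant=reject_constant)
    except ValueError as exc:  # JSONDecodeError is a ValueError subclass
        raise ValueError(f"not JSON: {exc}") from None


if __name__ == "__main__":
    print("parser, good input:", load_with_parser(GOOD))
    print("eval,   good input:", load_with_eval(GOOD))
    # The result holds a value that was never in the string: code ran.
    print("eval,   non-JSON  :", load_with_eval(NOT_JSON))
    try:
        load_with_parser(NOT_JSON)
    except ValueError as exc:
        print("parser, non-JSON  : rejected,", exc)
```

Both loaders return the same dictionary for the well-formed document; only the parser refuses the second string instead of running it.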
