Grant Edwards <grant.b.edwa...@gmail.com> writes:

> On 2017-06-16, Ben Finney <ben+pyt...@benfinney.id.au> wrote:
> > JSON is designed to be *a strictly limited subset* of legal
> > JavaScript that only defines data structures. The explicit goal is
> > that it is statically parseable as non-executable data.
>
> That doesn't mean that it's reasonable/acceptable practice to eval() a
> string from an untrusted source because it _might_ be JSON.

Yes. We appear to be in firm agreement.

-- 
 \        “It is always a silly thing to give advice, but to give good |
  `\   advice is absolutely fatal.” —Oscar Wilde, _The Portrait of Mr. |
_o__)                                                  W. H._, 1889-07 |
Ben Finney

-- 
https://mail.python.org/mailman/listinfo/python-list
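
The point both posters agree on, as an added Python example (not code from either poster; the function names, the size limit and the sample strings are assumptions made for illustration): a strict parser treats untrusted text as data and rejects anything that is not JSON, while eval() runs whatever expression it is handed.

```python
import json

MAX_CHARS = 64 * 1024  # assumed limit for this example


class RejectedInput(ValueError):
    """The text is not strict JSON."""


def _no_constants(name):
    # json.loads accepts NaN/Infinity/-Infinity by default; none of them is JSON.
    raise RejectedInput(f"non-JSON constant: {name}")


def _no_duplicate_keys(pairs):
    obj = {}
    for key, value in pairs:
        if key in obj:
            raise RejectedInput(f"duplicate key: {key!r}")
        obj[key] = value
    return obj


def parse_untrusted_json(text):
    """Parse text as data only; nothing in it is ever executed."""
    if len(text) > MAX_CHARS:
        raise RejectedInput("input too large")
    try:
        return json.loads(text, parse_constant=_no_constants,
                          object_pairs_hook=_no_duplicate_keys)
    except (json.JSONDecodeError, RecursionError) as exc:
        raise RejectedInput(f"not JSON: {exc}") from exc


def eval_runs_code(text):
    """Return True if eval() executed a call embedded in the text."""
    marker = []  # the constructed sample appends to this when evaluated
    eval(text, {"marker": marker})
    return bool(marker)


# Constructed sample inputs.
GOOD = '{"user": "alice", "roles": ["admin", "dev"]}'
LOOKS_LIKE_DATA = '[1, 2, marker.append("ran")]'  # a Python expression, not JSON

if __name__ == "__main__":
    print(parse_untrusted_json(GOOD))
    print(eval_runs_code(LOOKS_LIKE_DATA))
```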
