[nycphp-talk] PHP to ajax variable passing problem

csnyder chsnyder at
Fri Aug 10 14:57:42 EDT 2007

On 8/9/07, Dell Sala <dell at> wrote:
> provides a json decoder for javascript. I've always used
> this instead of eval. This will only parse the json subset, and will
> fail for other arbitrary javascript.

That script makes it _much_ safer to parse untrusted json, and if
there was any way to exploit it at all, someone would have found it by
now.... but it still uses eval().

Chris Snyder

More information about the talk mailing list