application/json - additional security concern?
Graham Klyne
GK-lists at ninebynine.org
Fri Apr 13 14:15:17 CEST 2007
Regarding:
http://www.ietf.org/rfc/rfc4627.txt
I recently noticed a blog entry and claim of a potential security vulnerability
with application/json data, posted here:
http://bob.pythonmac.org/archives/2007/04/05/fortify-javascript-hijacking-fud/
I've not analyzed the details, but there's a clear implication of a potential
but easily defended route to exploitation in some browsers.
One of the examples in RFC 4627 (the array example) appears to be of a form that
the article claims is vulnerable.
#g
--
Graham Klyne
For email:
http://www.ninebynine.org/#Contact