Hellihello
He isn't demonizing any standards, if I understand correctly. He is looking for ways to bring different sources together, with a view to possible serious security problems.
-Blockquote/excerpt-
"Mashups are cool. Unfortunately, mashups are insecure."
...
"The problem with mashups is that all scripts look the same to the browser. Virtually all languages suffer from the same problem," Crockford added. This was not anticipated by the original browser makers. "There was no idea in the past that mashups would exist," he said. And scripts that leak from one mashup module to another are a real issue.
While JSON has some inherent safety, developers can mis-apply it.
"A favorite way of misusing JSON is the Script Tag Hack," Crockford said. "Scripts, strangely, are exempt from the Same Origin Policy."
...
Crockford also advised developers not to wrap JSON text in comments. In turn, he recommended that developers use the string.parseJSON method. When this parsing is employed, "evil script" will cause a syntax error exception. That is preferable to some nefarious alternatives.
-/Blockquote-
from http://searchsoftwarequality.techtarget.com/originalContent/0,289142,sid92_gci1280688,00.html
Thanks and regards,
frankx
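
The parsing advice quoted in the post above, as an added example that is not part of the original post or the article. It uses the standard `JSON.parse` in place of the `string.parseJSON` method named in the excerpt; the response strings and function names are constructed for illustration.

```javascript
// Constructed sample responses (assumptions, not taken from the article).
const honest = '{"user": "alice", "items": [1, 2, 3]}';
// Valid JavaScript, but not JSON: evaluating it runs a function call.
const scripted =
  '{"user": (function () { globalThis.sideEffect = true; return "mallory"; })()}';
// JSON text wrapped in a comment, the practice the excerpt advises against.
const commented = '/* {"user": "alice"} */';

// Legacy pattern: hand the response text to the JavaScript evaluator.
// Anything that is legal JavaScript runs with the page's privileges.
function loadWithEval(text) {
  return (0, eval)('(' + text + ')');
}

// Strict pattern: accept only the JSON grammar. Script text is rejected
// with a SyntaxError before any of it can execute.
function loadWithParser(text) {
  try {
    return { ok: true, value: JSON.parse(text) };
  } catch (err) {
    if (err instanceof SyntaxError) return { ok: false, error: err.name };
    throw err; // unexpected failure: do not swallow it
  }
}

// Run both loaders over the scripted response and record whether the
// embedded function actually executed in each case.
function demo() {
  globalThis.sideEffect = false;
  const viaEval = loadWithEval(scripted);
  const ranUnderEval = globalThis.sideEffect;

  globalThis.sideEffect = false;
  const viaParser = loadWithParser(scripted);
  const ranUnderParser = globalThis.sideEffect;

  return {
    viaEval, ranUnderEval, viaParser, ranUnderParser,
    honestParsed: loadWithParser(honest),
    commentWrapped: loadWithParser(commented),
  };
}

console.log(demo());
```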