Re: yaml/xml/json, POST data, bloodcurdling terror

From: Eric Phetteplace <phette23_at_nyob>
Date: Fri, 18 Dec 2015 09:48:49 -0800
To: CODE4LIB_at_LISTSERV.ND.EDU
Agreed, I thought the JSON criticism was a bit of a stretch. It's hilarious
that json.org, *created by Douglas Crockford*, mentions using eval() as a
JSON parser, though.

Best,
Eric

On Thu, Dec 17, 2015 at 8:42 PM, Brian Hoffman <brianjhoffman_at_gmail.com>
wrote:

> Thanks, this was interesting. But the JSON segment is a little less than
> terrifying as it’s predicated on the misuse of eval(), which is commonly
> and easily avoided.
>
>
> > On Dec 17, 2015, at 11:00 PM, CODE4LIB automatic digest system <LISTSERV_at_LISTSERV.ND.EDU> wrote:
> >
> >
> > Date:    Thu, 17 Dec 2015 09:22:07 -0500
> > From:    Andromeda Yelton <andromeda.yelton_at_GMAIL.COM>
> > Subject: yaml/xml/json, POST data, bloodcurdling terror
> >
> > I strongly recommend this hilarious, terrifying PyCon talk about
> > vulnerabilities in yaml, xml, and json processing:
> > https://www.youtube.com/watch?v=kjZHjvrAS74
> >
> > If you process user-submitted data in these formats and don't yet know why
> > you should be flatly terrified, please watch this ASAP; it's illuminating.
> > If you *do* know why you should be terrified, watch it anyway and giggle
> > along in knowing recognition, because the talk is really very funny.
> >
> > --
> > Andromeda Yelton
> > Board of Directors, Library & Information Technology Association:
> > http://www.lita.org
> > http://andromedayelton.com
> > @ThatAndromeda <http://twitter.com/ThatAndromeda>
>
Received on Fri Dec 18 2015 - 12:50:08 EST
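An added illustration of the eval()-as-JSON-parser point discussed in this thread (example code written here, not from the talk, json.org, or any poster): a parser built on the `eval('(' + text + ')')` idiom accepts and executes any JavaScript expression, while `JSON.parse()` accepts only the JSON grammar and throws on everything else. The function names and sample inputs are constructed for the example.

```javascript
// Two ways of turning an untrusted string into a value.
// Constructed example; the function names are not from the thread.

// The eval-based idiom: wrap the text in parentheses and evaluate it.
// Anything that is valid JavaScript is accepted and executed.
function parseWithEval(text) {
  return eval("(" + text + ")");
}

// The safe alternative: JSON.parse only understands the JSON grammar.
// Arithmetic, identifiers and function calls are all a SyntaxError.
// Returns a result object so callers can reject bad input without
// exceptions bubbling up from the parser.
function safeParse(text) {
  try {
    return { ok: true, value: JSON.parse(text) };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// Constructed inputs: one genuine JSON document and two strings that
// are valid JavaScript but not JSON.
const genuineJson = '{"title": "Library catalog", "count": 3}';
const arithmetic = "1 + 1"; // evaluated by eval, rejected by JSON.parse
const sideEffect = "(function () { globalThis.tampered = true; return {}; })()";

// Run both parsers over the inputs and collect what each one did.
function demo() {
  const results = {};
  results.evalArithmetic = parseWithEval(arithmetic); // 2: eval did math
  parseWithEval(sideEffect); // eval ran the function body
  results.tampered = globalThis.tampered === true; // true: code executed
  results.jsonGenuine = safeParse(genuineJson); // ok: true
  results.jsonArithmetic = safeParse(arithmetic); // ok: false, SyntaxError
  results.jsonSideEffect = safeParse(sideEffect); // ok: false, SyntaxError
  return results;
}
```

The takeaway for anyone reviewing older code: grep for `eval(` near anything that reads request bodies or config files, and replace it with `JSON.parse()`, which has been built into every JavaScript engine since ES5.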