Updated JSON docs

mitsuhiko committed Jun 20, 2011
1 parent 65f9bc7 commit 04f2bbcb15bd7b3accd8e0820b83df1b2207aa24
Showing with 7 additions and 0 deletions.
  1. +7 −0 docs/security.rst
@@ -95,6 +95,13 @@ the form validation framework, which does not exist in Flask.
JSON Security
-------------
+.. admonition:: ECMAScript 5 Changes
+
+ Starting with ECMAScript 5 the behavior of literals changed. Now they
+ are not constructed with the constructor of ``Array`` and others, but
+ with the builtin constructor of ``Array`` which closes this particular
+ attack vector.
+
JSON itself is a high-level serialization format, so there is barely
anything that could cause security problems, right? You can't declare
recursive structures that could cause problems and the only thing that
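Review bot: The admonition refers to "this particular attack vector" before the section has described any attack, because it sits directly under the heading and ahead of the introductory paragraph ("JSON itself is a high-level serialization format..."). Consider moving it after the explanation it depends on, or naming the attack inside the admonition. The sentence "not constructed with the constructor of ``Array`` and others, but with the builtin constructor of ``Array``" also reads as self-contradictory; wording such as "no longer constructed with whatever ``Array`` currently resolves to, but with the original builtin constructor" would make the distinction clear. It would also help to say whether the guidance in the rest of the section still applies to engines that predate ECMAScript 5, since the note alone could be read as saying the issue no longer needs handling.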
