A. Pagaltzis wrote:
> * Elliotte Harold <elharo@...> [2007-07-17 01:00]:
>> You're not supposed to put stuff arbitrary JavaScript into
>> JSON, but people can and do.
>
> Then it’s not JSON anymore and JSON parsers will choke on it.
> JSON is a computation-free subset of Javascript.
>
Crackers don't play by the rules. They do not send only well-formed
messages that adhere to the spec. Secure software has to be ready for
absolutely any input, not just input that follows the spec.
That XML is so complex that you really need a true parser to handle it
is a feature, not a bug. It discourages and mostly prevents the use of
porr quality, hand-written solutions to handle it. Even in the rare
cases where the solutions are hand-written, they're typically based on
non-Turing complete regex's. No one takes an arbitrary XML document and
throws it into a JavaScript interpreter. People do this with JSON all
the time, and the language was deliberately designed to make this possible.
... Then it’s not JSON anymore and JSON parsers will choke on it. JSON is a computation-free subset of Javascript. (If you wanted to parse it using `eval` in...
... Crackers don't play by the rules. They do not send only well-formed messages that adhere to the spec. Secure software has to be ready for absolutely any...
Elliotte Harold
elharo@...
Jul 21, 2007 12:31 pm
... That's an interesting premise. I think it has some validity, but there is a major consequence. there is effectively one XML parser for Java, Xerces, whose...
... You mean the spec is inconsistent and buggy but because it fits on one page it seems like it's simple on first pass? I hear a lot of the bugs in XMLRPC...
... yep. But it also means you dont need to commit to a SOAP stack vendor, have a toolchain whose whole aim in life is to hide the incoming data, or rely on...
... Sure. All of the software I’ve written to date will spit stuff back out if it purports to be JSON but contains Javascript code. Because *none* of my code...
... Hahstables and arrays are both easy: <hashtable> <entry> <key>foo</key> <value>bar</value> <entry> </hashtable> <array> <entry>1<entry> <entry>45<entry> ...
Elliotte Harold
elharo@...
Jul 12, 2007 9:05 am
... The problem with that is the mindboggling amount of indirection you have introduced. You have an element containing whitespace text nodes and elements, and...
... Then problem being what? This is easy to suck into a Hashtable API if you like. The issue is the APIs, not the markup. JSON is a clever kludge designed to...
Elliotte Harold
elharo@...
Jul 12, 2007 11:25 am
... JS 1.2 actually, not that it matters a whit. Sorry guys, but this back and forwards between the two of you reads like as if you're both arguing over...
... See, I was thinking "vi vs. emacs," myself. Ever the nonconformist, I use pico. And nano, when I really need advanced features. *And* I drive a Toyota that...
... That *is* what I am saying. JSON is good for common data structures, and XML is good for documents. I am not saying JSON is good at everything, at all....
... Well, in fact, JSON is really just JavaScript literal syntax, co-opted for wider usage. I've never been a fan of JSON because you can (unsafely) eval() it...
... That’s not a feature, it’s a waste of time. When I reach for JSON I want to serialise a data structure. I have absolutely zero interest in modelling...
... Serialized formats that are tied to one language are a liability, not a feature. ... Serialized formats that restrict what you can say are a liability. XML...
Elliotte Harold
elharo@...
Jul 13, 2007 12:50 am
Perhaps next we could take up Ford vs. Chevy? Coke vs. Pepsi? PC vs. Mac?...
... I agree very much. Languages are usually defined as a syntax with a semantics. What is needed is to disassociate the syntax from the semantics. If we keep...
... I agree. Good thing that JSON is not. ... When you want to deserialise a data structure, a serialisation format that restricts the data to the deserialised...
I've started and trashed replies to this whole thread almost a dozen times... ... Elliotte, are you serious that this is a bad thing? You are arguing that...
... Very serious. ... Yes, it's ironic, but not wrong. You're quite perceptive to notice the connection, and bring this discussion back on topic. Schema...
Elliotte Harold
elharo@...
Jul 13, 2007 10:10 am
... Now I'm totally lost. I thought REST was an architectural style. Maybe I don't know what you mean by "schema" or "language". -- Paul Winkler ...
... My bad. Somehow I was thinking: "RELAX" and typing REST. I have to go back and reread the original post and see what it said about this. -- Elliotte Rusty...
Elliotte Harold
elharo@...
Jul 16, 2007 2:24 am
I hate to add to this thread, which is probably off-topic for REST-discuss anyhow, but I just ran into a practical example of some of the tradeoffs between XML...
Bob Haugen
bob.haugen@...
Jul 12, 2007 11:37 am
... Turns out, there is: it's called JavaScript. Sure, it's more verbose than XPath (but some would argue that's good). Since JSON translates fairly well...
... Is this uniquely true of JSON? It seems like it's true of XML as well ... if "xAL" creates different forms for different addresses, they're fundamentally ...
... I don't know what I was thinking of. You are correct, of course. I am embarrassed....
Bob Haugen
bob.haugen@...
Jul 14, 2007 6:43 pm
Ok. So this discussion is revealing a lot of confusion between syntax and semantics! Please take a good look at the graph here, to get a simple picture of ...
... JSON is much simpler than the XML Infoset. Are you willing to argue about that? The XML API in use is a red herring. Yes, if you try to do XMLish things...
... Not quite. JSON is the subset of JavaScript that is the simple notation for representing structured data. That contains strings, numbers, booleans, and ...
Send Email
