orbit-oss/flask
4
4
Fork 2
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Updated JSON docs

Browse source
This commit is contained in:
Armin Ronacher 2011-06-20 08:27:23 +02:00
parent 65f9bc7b22
commit 04f2bbcb15
1 changed files with 7 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

7
docs/security.rst
View file

@ -95,6 +95,13 @@ the form validation framework, which does not exist in Flask.
JSON Security
-------------
.. admonition:: ECMAScript 5 Changes
Starting with ECMAScript 5 the behavior of literals changed. Now they
are not constructed with the constructor of ``Array`` and others, but
with the builtin constructor of ``Array`` which closes this particular
attack vector.
JSON itself is a high-level serialization format, so there is barely
anything that could cause security problems, right? You can't declare
recursive structures that could cause problems and the only thing that