
RFC 8259: JSON Data Interchange Format – 12. Security Considerations - stojano
https://tools.ietf.org/html/rfc8259#section-12
======
rurban
Of course they forgot the real security implications with JSON; eval should be
the least of the worries. See for comparison
[https://metacpan.org/pod/Cpanel::JSON::XS#SECURITY-CONSIDERATIONS](https://metacpan.org/pod/Cpanel::JSON::XS#SECURITY-CONSIDERATIONS)

And they didn't fix the outstanding problems in the spec. Still the simplest
and most secure transport protocol of all.

~~~
zamadatix
They didn't "forget"; rather, those security issues have nothing to do with JSON
itself. Probably the only reason section 12 made it into the document was to
highlight that, unlike most derived standards, you should not parse this
directly in the parent domain.

IETF standards documents avoid going off on tangents; if one were about safety
issues in a car, it'd talk about airbag requirements, not how the driver should
perform evasive maneuvers.

