Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

JSON, as the name suggests, is easily and natively consumable by JavaScript, the only language to run natively in web browsers.

And everyone uses a web browser.

Ergo, if you develop an HTTP API, you should do it with JSON so it can work easily in web browsers.



Can you elaborate please?

Browsers had native XMLHttp support before they had JSON support.

The fact JSON (use to be) a subset of JavaScript and the browser runs JavaScript natively is not convincing.

Other than evil eval(jsonString) (before JSON.parse was available) which is basically asking for XSS, what benefit you get from JSON being consumable by JavaScript?

I think XMLHttp was available in browsers (in a vendor specific annoying way perhaps but still available) way before JSON.parse was available... am I missing something?


The XML in XMLHttpRequest is meaningless.

eval() was present from day 1 and is the reason JSON looks like it does. Obviously it requires complete trust in the source (historically, the same origin).




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: