Well, if you mean "terrified" as in "Ought to learn about security and
input sanitization," I agree. If you mean it as in "should never use
JSON/XML," then I disagree. JSON is a great way to store and move data,
especially on the web.

To summarize the security part for those new to it: Any time user-submitted
data passes to you, you need to clean it. Otherwise it might include nasty
code that injects itself in your database, in your code, in visitors'
webpages that view it, steals cookies and pretends to be someone else, runs
a fake-clicking service, etc. If you can't ensure you can properly clean
it, for example because arbitrary HTML or JavaScript is the intended input
you're gathering, then you need to sandbox it whenever it's presented, like
jsfiddle.net does.
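The two strategies in that comment (escape fields that are meant to be plain text; sandbox submissions where HTML itself is the intended input), as an added JavaScript example that is not part of the original thread. The function names, the comment object shape and the sample JSON are constructed here.

```javascript
// Added example: presenting user-submitted JSON on a page without letting
// any of it execute. Neither function is from the original thread.

// The five characters that change meaning in HTML text and attribute contexts.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Strategy 1: the field is text, so escape it for the HTML context it lands in.
// Constructed shape: {"author": "...", "body": "..."} arriving as a JSON string.
function renderComment(json) {
  const comment = JSON.parse(json);
  return `<p><b>${escapeHtml(comment.author)}</b>: ${escapeHtml(comment.body)}</p>`;
}

// Strategy 2: the submission is supposed to be HTML (a snippet to preview, as
// on jsfiddle.net), so it is isolated instead of cleaned. An empty sandbox
// attribute gives the frame an opaque origin with scripts disabled, so it can
// neither run code nor reach the host page's cookies or DOM. The srcdoc value
// is attribute-escaped so the snippet cannot close the attribute early.
function renderSandboxed(untrustedHtml) {
  return `<iframe sandbox="" srcdoc="${escapeHtml(untrustedHtml)}"></iframe>`;
}

// Constructed sample: a comment body that would execute if it were assigned
// to innerHTML unescaped.
const SAMPLE_JSON = JSON.stringify({
  author: 'mallory',
  body: '<script>alert(1)</script>',
});

console.log(renderComment(SAMPLE_JSON));
console.log(renderSandboxed('<b>hi</b><script>alert(1)</script>'));
```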