Well, if you mean "terrified" as in "Ought to learn about security and
input sanitization," I agree. If you mean it as in "should never use
json/xml," then I disagree. JSON is a great way to store and move data,
especially on the web.
To summarize the security part for those new to it: Any time user-submitted
data passes to you, you need to clean it. Otherwise it might include nasty
code that injects itself in your database, in your code, in visitor's
webpages that view it, steals cookies and pretends to be someone else, runs
an fake-clicking service, etc. If you can't ensure you can properly clean
it, for example because arbitrary HTML or Javascript is the intended input
you're gathering, then you need to sandbox it whenever it's presented, like
jsfiddle.net does.
|