Simon Willison’s Weblog

Items tagged security, douglascrockford in 2007

Filters: Year: 2007 × security × douglascrockford ×


In the long term, I want to replace JavaScript and the DOM with a smarter, safer design. In the medium term, I want to use something like Google Gears to give us vats with which we can have safe mashups. But in the short term, I recommend that you be using Firefox with No Script. Until we get things right, it seems to be the best we can do.

Douglas Crockford # 7th November 2007, 3:36 pm

JSON and Browser Security. Douglas Crockford suggests using secret tokens to protect JSON content, and avoiding wrapper hacks to protect unauthorised JSON delivery as they may fall foul of undiscovered browser bugs in the future. # 11th April 2007, 12:52 am