Simon Willison’s Weblog

Triplr. Ultra simple GET-based web service for converting RSS / Atom / RDF / Microformats+GRDDL to HTML / ntriples / RDF / RSS / JSON / Turtle. Small pieces, loosely joined.

# 30th March 2007, 3:30 pm / atom, grddl, html, json, microformats, ntriples, rdf, rss, semanticweb, triplr, turtle

JSON and JSON-RPC for Erlang. Nice example of using lists:reverse and an accumulator to efficiently build a string in reverse order.

# 25th March 2007, 4:29 pm / erlang, json, jsonrpc

Security; AJAX; JSON; Satisfaction. The JSON attack I linked to earlier only works against raw arrays, which technically aren’t valid JSON anyway.

# 6th March 2007, 8:06 am / json, security, xss

JSON is not as safe as people think it is. Joe Walker reminds us that even authenticated JSON served without a callback or variable assignment is vulnerable to CSRF in Firefox, thanks to that browser letting you redefine the Array constructor.

# 5th March 2007, 10:51 pm / csrf, joe-walker, json, security

json-taglib. Because JSON just doesn’t have enough angle brackets.

# 4th March 2007, 8:52 pm / json, jsp, xml

Safe JSON (via) Subtle but important point about JSON APIs: you shouldn’t use a callback or variable assignment for JSON incorporating private user data, especially if it’s at a predictable URL.

# 2nd March 2007, 1:11 pm / json, security