root
/
flask
mirror of https://github.com/pallets/flask.git
1
0
Fork 0
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Updated JSON docs

This commit is contained in:
Armin Ronacher 2011-06-20 08:27:23 +02:00
parent 65f9bc7b22
commit 04f2bbcb15
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
docs/security.rst
View File

@ -95,6 +95,13 @@ the form validation framework, which does not exist in Flask.
JSON Security JSON Security
------------- -------------
.. admonition:: ECMAScript 5 Changes
Starting with ECMAScript 5 the behavior of literals changed. Now they
are not constructed with the constructor of ``Array`` and others, but
with the builtin constructor of ``Array`` which closes this particular
attack vector.
JSON itself is a high-level serialization format, so there is barely JSON itself is a high-level serialization format, so there is barely
anything that could cause security problems, right? You can't declare anything that could cause security problems, right? You can't declare
recursive structures that could cause problems and the only thing that recursive structures that could cause problems and the only thing that