root
/
flask
mirror of https://github.com/pallets/flask.git
1
0
Fork 0
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Updated JSON docs

This commit is contained in:
Armin Ronacher 2011-06-20 08:27:23 +02:00
parent 65f9bc7b22
commit 04f2bbcb15
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
docs/security.rst
View File

@ -95,6 +95,13 @@ the form validation framework, which does not exist in Flask.
JSON Security
-------------
.. admonition:: ECMAScript 5 Changes
Starting with ECMAScript 5 the behavior of literals changed. Now they
are not constructed with the constructor of ``Array`` and others, but
with the builtin constructor of ``Array`` which closes this particular
attack vector.
JSON itself is a high-level serialization format, so there is barely
anything that could cause security problems, right? You can't declare
recursive structures that could cause problems and the only thing that