… | |
… | |
1288 | information you might want to make sure that exceptions thrown by |
1288 | information you might want to make sure that exceptions thrown by |
1289 | JSON::XS will not end up in front of untrusted eyes. |
1289 | JSON::XS will not end up in front of untrusted eyes. |
1290 | |
1290 | |
1291 | If you are using JSON::XS to return packets to consumption by JavaScript |
1291 | If you are using JSON::XS to return packets to consumption by JavaScript |
1292 | scripts in a browser you should have a look at |
1292 | scripts in a browser you should have a look at |
1293 | <http://jpsykes.com/47/practical-csrf-and-json-security> to see whether |
1293 | <http://blog.archive.jpsykes.com/47/practical-csrf-and-json-security/> |
1294 | you are vulnerable to some common attack vectors (which really are |
1294 | to see whether you are vulnerable to some common attack vectors (which |
1295 | browser design bugs, but it is still you who will have to deal with it, |
1295 | really are browser design bugs, but it is still you who will have to |
1296 | as major browser developers care only for features, not about getting |
1296 | deal with it, as major browser developers care only for features, not |
1297 | security right). |
1297 | about getting security right). |
1298 | |
1298 | |
1299 | THREADS |
1299 | THREADS |
1300 | This module is *not* guaranteed to be thread safe and there are no plans |
1300 | This module is *not* guaranteed to be thread safe and there are no plans |
1301 | to change this until Perl gets thread support (as opposed to the |
1301 | to change this until Perl gets thread support (as opposed to the |
1302 | horribly slow so-called "threads" which are simply slow and bloated |
1302 | horribly slow so-called "threads" which are simply slow and bloated |
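Review bot: the replacement link at line 1293 is still plain `http://` and still depends on a single third-party host, which this change shows has already moved once. If the archive host serves the page over https, link to that instead. Consider also adding one sentence summarising what the reader should check for when returning JSON to browser scripts, so the paragraph stays useful if the link moves again. Minor wording point in the unchanged line 1291: "return packets to consumption by JavaScript scripts" would read better as "for consumption by", and could be fixed while this paragraph is being reflowed.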