… | |
… | |
1412 | information you might want to make sure that exceptions thrown by JSON::XS |
1412 | information you might want to make sure that exceptions thrown by JSON::XS |
1413 | will not end up in front of untrusted eyes. |
1413 | will not end up in front of untrusted eyes. |
1414 | |
1414 | |
1415 | If you are using JSON::XS to return packets to consumption |
1415 | If you are using JSON::XS to return packets to consumption |
1416 | by JavaScript scripts in a browser you should have a look at |
1416 | by JavaScript scripts in a browser you should have a look at |
1417 | L<http://jpsykes.com/47/practical-csrf-and-json-security> to see whether |
1417 | L<http://blog.archive.jpsykes.com/47/practical-csrf-and-json-security/> to |
1418 | you are vulnerable to some common attack vectors (which really are browser |
1418 | see whether you are vulnerable to some common attack vectors (which really |
1419 | design bugs, but it is still you who will have to deal with it, as major |
1419 | are browser design bugs, but it is still you who will have to deal with |
1420 | browser developers care only for features, not about getting security |
1420 | it, as major browser developers care only for features, not about getting |
1421 | right). |
1421 | security right). |
1422 | |
1422 | |
1423 | |
1423 | |
1424 | =head1 THREADS |
1424 | =head1 THREADS |
1425 | |
1425 | |
1426 | This module is I<not> guaranteed to be thread safe and there are no |
1426 | This module is I<not> guaranteed to be thread safe and there are no |
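Review bot: at lines 1417-1418 the paragraph still relies entirely on an external link to say what the "common attack vectors" are, and this change is itself an update of that link's URL. Consider stating the concern in the POD in one sentence, going by the link's own title (CSRF and JSON responses consumed by browser scripts), so the advice survives the next time the URL moves. The replacement URL is also still plain http; if the host serves https, prefer that. Separately, "return packets to consumption by JavaScript scripts" on line 1415 is carried over unchanged and would read better as "for consumption by", which could be fixed while the paragraph is being reflowed anyway.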