| … | |
… | |
| 1412 | information you might want to make sure that exceptions thrown by JSON::XS |
1412 | information you might want to make sure that exceptions thrown by JSON::XS |
| 1413 | will not end up in front of untrusted eyes. |
1413 | will not end up in front of untrusted eyes. |
| 1414 | |
1414 | |
| 1415 | If you are using JSON::XS to return packets to consumption |
1415 | If you are using JSON::XS to return packets to consumption |
| 1416 | by JavaScript scripts in a browser you should have a look at |
1416 | by JavaScript scripts in a browser you should have a look at |
| 1417 | L<http://jpsykes.com/47/practical-csrf-and-json-security> to see whether |
1417 | L<http://blog.archive.jpsykes.com/47/practical-csrf-and-json-security/> to |
| 1418 | you are vulnerable to some common attack vectors (which really are browser |
1418 | see whether you are vulnerable to some common attack vectors (which really |
| 1419 | design bugs, but it is still you who will have to deal with it, as major |
1419 | are browser design bugs, but it is still you who will have to deal with |
| 1420 | browser developers care only for features, not about getting security |
1420 | it, as major browser developers care only for features, not about getting |
| 1421 | right). |
1421 | security right). |
| 1422 | |
1422 | |
| 1423 | |
1423 | |
| 1424 | =head1 THREADS |
1424 | =head1 THREADS |
| 1425 | |
1425 | |
| 1426 | This module is I<not> guaranteed to be thread safe and there are no |
1426 | This module is I<not> guaranteed to be thread safe and there are no |
