9 Oct 2015, 8:53 a.m.
I was reading about Stored XSS via AJAX on Web Application Exploits and Defenses (Cross-Site Scripting (XSS)), where it says: "Second, in the browser, Gruyere converts the JSON by using JavaScript's eval. In general, eval is very dangerous and should rarely be used. If it used, it must be used very carefully, which is hardly the case here. We should be using the JSON parser which ensures that the string does not include any unsafe content. The JSON parser is available at json.org." So I'm wondering what Dancer does: does it use eval or a parser?
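
The difference the quoted passage describes, as an added example that is not part of the original post and is not Gruyere's or Dancer's code: the same response text is handed to `eval` and to `JSON.parse`. The function names and both sample responses are constructed for illustration.

```javascript
// Added example: hypothetical function names, constructed inputs.
let sideEffects = 0; // counts code that ran as a side effect of "parsing"

// The pattern the quoted passage warns about: the response is run as code.
function parseWithEval(text) {
  return eval('(' + text + ')');
}

// The parser-based approach: only the JSON grammar is accepted.
function parseWithParser(text) {
  try {
    return { ok: true, value: JSON.parse(text) };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// Constructed responses. In the second one, stored user data has broken
// out of its string literal and appended a function call (a harmless
// counter increment stands in for injected script).
const benign = '{"snippet": "hello"}';
const tampered =
  '{"snippet": "hello" + (function () { sideEffects++; return ""; })()}';

function compare(text) {
  const before = sideEffects;
  const viaEval = parseWithEval(text);
  return {
    evalValue: viaEval.snippet,             // what the page would render
    codeRan: sideEffects - before,          // calls executed during eval
    parser: parseWithParser(text),          // same text through JSON.parse
  };
}

console.log(compare(benign));
console.log(compare(tampered));
```

With `eval`, both responses yield the same `snippet` value, so nothing in the result reveals that the second one executed code; `JSON.parse` rejects it with a `SyntaxError` before anything runs.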