←back to thread

JSON Patch

(zuplo.com)
299 points DataOverload | 1 comments | 17 Oct 24 17:46 UTC | HN request time: 0s | source
Show context
hyperhello ◴[18 Oct 24 16:47 UTC] No.41881157[source]
What’s nice about JSON is that it’s actually valid JavaScript, with some formal specification to avoid any nasty circles or injections.

Why can’t your protocol just be valid JavaScript too? this.name = “string”; instead of mixing so many metaphors?

replies(2): >>41881202 #>>41881252 #
royjacobs ◴[18 Oct 24 16:52 UTC] No.41881202[source]
Because that would require consumers to have a Javascript interpreter to use it.
replies(1): >>41881260 #
moralestapia ◴[18 Oct 24 16:57 UTC] No.41881260[source]
Because that would require consumers to have an interpreter for the most widely deployed language, ever, and by far.

FTFY

replies(3): >>41881372 #>>41881376 #>>41881821 #
yawnxyz ◴[18 Oct 24 17:08 UTC] No.41881372[source]
security nightmare; sometimes you don't want consumers to execute code arbitrarily
replies(3): >>41881442 #>>41881505 #>>41883816 #
moralestapia ◴[18 Oct 24 17:15 UTC] No.41881442{3}[source]
Not true. Google, Meta, ... do it at a massive scale, no issues.

It's not really hard to protect yourself against that.

Any (competent) security guy can give you like 4 ways to implement it properly.

replies(2): >>41882391 #>>41884807 #
1. rererereferred ◴[18 Oct 24 18:58 UTC] No.41882391{4}[source]
Do you mean the ads they serve that contain malware?