| ▲ | motorest a day ago |
| > I feel like not understanding why JSON won out is being intentionally obtuse. JSON can easily be hand written, edited, and read for most data. You are going way out of your way to try to come up with ways to rationalize why JSON was a success. The ugly truth is far simpler than what you're trying to sell: it was valid JavaScript. JavaScript WebApps could parse JSON with a call to eval(). No deserialization madness like XML, no need to import a parser. Just fetch a file, pass it to eval(), and you're done. |
|
| ▲ | nextaccountic 14 hours ago | parent | next [-] |
| In other words, the thing that made JSON initially succeed was also a giant security hole |
| |
| ▲ | motorest 13 hours ago | parent [-] | | > In other words, the thing that made JSON initially succeed was also a giant security hole Perhaps, but it's not a major concern when you control both the JavaScript frontend and whatever backend it consumes. In fact, arguably this technique is still pretty much in use today with the way WebApps get a hold of CSRF tokens. In this scenario security is a lesser concern than, say, input validation. |
|
|
| ▲ | jaapz 20 hours ago | parent | prev | next [-] |
| But also, all the other reasons written by the person you replied to |
| |
| ▲ | motorest 13 hours ago | parent [-] | | > But also, all the other reasons written by the person you replied to Not really. JSON's mass adoption is tied to JavaScript's mass adoption, where sheer convenience and practicality dictates it's whole history most of the current state. Sending JavaScript fragments from the backend is a technique that didn't really stopped being used just because someone rolled out a JSON parser. I think some people feel compelled to retroactively make this whole thing more refined and elegant because for some the ugly truth is hard to swallow. |
|
|
| ▲ | amne a day ago | parent | prev [-] |
| it's in the name after all: [j]ava[s]cript [o]bject [n]otation |
