nextaccountic 14 hours ago
In other words, the thing that made JSON initially succeed was also a giant security hole
motorest 13 hours ago
> In other words, the thing that made JSON initially succeed was also a giant security hole

Perhaps, but it's not a major concern when you control both the JavaScript frontend and whatever backend it consumes. In fact, arguably this technique is still pretty much in use today with the way WebApps get a hold of CSRF tokens. In this scenario security is a lesser concern than, say, input validation.