1

Someone says here that it would be open to attack: "How do you serialize javascript objects with methods using JSON"

This is a rather superficial answer to me, because why would it be more open to attack than a classical Ajax call? Is the guy just against Ajax?

It's not about transmitting code to be executed to the server; it's about transmitting code to the client, and it's in JavaScript. I can't see how it's more dangerous than Ajax, since Ajax is just doing that but statically instead of dynamically.

1 Answer

3

Transmitting code which will be evaluated from the client to the server introduces an attack vector because client-side code can be changed by a malicious user. The danger isn't that the wrong kind of data is being transmitted, but that untrustworthy programs are being executed. It has nothing to do with being for or against Ajax.


2 Comments

It's not about transmitting code to be executed to the server; it's about transmitting code to the client, and it's in JavaScript. I can't see how it's more dangerous than Ajax, since Ajax is just doing that but statically instead of dynamically.
@user310291, huh? Staale wrote, "If you intend to run the code serverside, you open yourself to attacks." There is already a better means to deliver methods to a client: <script>
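One way to get objects with methods across the wire without evaluating any transmitted code, as an added example that is not part of the original answer or comments: only data travels as JSON, and the receiver attaches methods from code it already ships. `REGISTRY`, `serialize` and `revive` are hypothetical names, and the sample payload is constructed.

```javascript
// Added example. Methods live in code the receiver ships itself;
// the wire format carries a type tag and plain data, never function source.
const REGISTRY = {
  Point: {
    fields: { x: "number", y: "number" },
    methods: {
      norm() { return Math.hypot(this.x, this.y); },
    },
  },
};

function serialize(type, obj) {
  // Copy declared fields only, so function-valued properties never leave the sender.
  const data = {};
  for (const k of Object.keys(REGISTRY[type].fields)) data[k] = obj[k];
  return JSON.stringify({ type, data });
}

function revive(text) {
  const msg = JSON.parse(text); // parses data; unlike eval, it executes nothing
  if (msg === null || typeof msg !== "object") throw new TypeError("not an object");
  // Own-property lookup, so tags such as "__proto__" or "constructor" are rejected.
  if (!Object.prototype.hasOwnProperty.call(REGISTRY, msg.type)) {
    throw new TypeError("unknown type");
  }
  const spec = REGISTRY[msg.type];
  if (msg.data === null || typeof msg.data !== "object") throw new TypeError("no data");
  const obj = Object.create(spec.methods); // methods come from trusted local code
  for (const [name, kind] of Object.entries(spec.fields)) {
    if (typeof msg.data[name] !== kind) throw new TypeError("bad field " + name);
    obj[name] = msg.data[name];
  }
  return obj; // undeclared keys in msg.data are dropped
}

// Constructed sample: a sender that tampered with its payload to smuggle a "method".
const tampered =
  '{"type":"Point","data":{"x":3,"y":4,"norm":"function(){return 0}"}}';
console.log(revive(tampered).norm()); // the registry's norm() runs, not the string
```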
