[Project_owners] Javascript (de)serialization question

Adam Judson adamsplugins at gmail.com
Mon Mar 13 09:48:11 EST 2006

On 13/03/06, Nickolay Ponomarev <asqueella at gmail.com> wrote:
> > >> Do you care/need to know if the data is maliciously changed to include
> > >> new functions that will now run inside chrome in your extension?
> > >
> > > No.
> >
> I thought about before deciding to use toSource/eval, and decided that
> I don't care about this problem.

I agree that if values are stored in preferences, there is not
additional risk.  From Eric's initial description I wasn't sure that
the storage was local (or was going to remain local at least).  e.g.
can I export the settings and send them to a friend/post them in a

But in general, people don't think about security as much as they should...

On that note, is there a generic library I could use to [un]serialize
to/from xml?


More information about the Project_owners mailing list