On Mon, 25 Mar 2013 21:23:59 +0100, Steve Newcomb srn@coolheads.com wrote:
> If you use a Python interpreter to read JSON data, as many do, anything can happen. I'm not sure that's relevant to Mediawiki, but it could be relevant, particularly in a case where the data may outlive the original software. It's easy to embed a virus in a large JSON dataset. There is no such inherent risk in XML; XML is not a programming language (despite the awkward ways in which XSLT can be abused).
False. This is a feature of some parsers (and which should - and AFAIK is in Python - be disabled by default), which sadly mistake JSON for a data serialization format, when it's merely a data interchange one.
These parsers allow certain JSON data (usually with specially formatted keys) to be parsed into arbitrary language constructs in addition to the well-known and expected arrays and maps. But again, this isn't a feature of JSON itself (if anything, it speaks of its versatility), and is as far as I can see completely irrelevant here.
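The distinction drawn in this exchange, as an added example that is not part of the original messages: Python's standard `json` module parses text into plain data types only, and any revival of richer objects comes from a hook the caller supplies. The `__type__` key convention, the sample documents and the helper names are assumptions made for illustration.

```python
import json
from datetime import date

# Constructed sample documents (not from the thread).
PLAIN = '{"title": "Main Page", "revisions": [1, 2, 3]}'
TAGGED = '{"__type__": "date", "args": [2013, 3, 25]}'
UNKNOWN_TAG = '{"__type__": "plugins.Loader", "args": ["x"]}'
NOT_JSON = "__import__('os').getcwd()"  # a Python expression, not JSON

# Hypothetical "__type__" convention: only names listed here may be built.
ALLOWED_TYPES = {"date": date}


def parse_plain(text):
    """Default json.loads: yields only dict/list/str/int/float/bool/None."""
    return json.loads(text)


def allowlist_hook(obj):
    """object_hook that revives a tagged object only if its tag is allowlisted."""
    tag = obj.get("__type__")
    if tag is None:
        return obj  # ordinary JSON object, leave it as a dict
    ctor = ALLOWED_TYPES.get(tag)
    if ctor is None:
        raise ValueError(f"refusing to revive type {tag!r}")
    return ctor(*obj.get("args", []))


def parse_tagged(text):
    """Parse with the allowlisting hook instead of resolving names freely."""
    return json.loads(text, object_hook=allowlist_hook)


def is_rejected(parser, text):
    """True if the parser refuses the input instead of acting on it."""
    try:
        parser(text)
    except ValueError:  # json.JSONDecodeError is a ValueError subclass
        return True
    return False


if __name__ == "__main__":
    print(parse_plain(TAGGED))                # stays a plain dict
    print(parse_tagged(TAGGED))               # revived as datetime.date
    print(is_rejected(parse_tagged, UNKNOWN_TAG))
    print(is_rejected(parse_plain, NOT_JSON))
```
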