Is JSON better than XML? is an interesting read. JSON is the new kid for portable data transfer and while JSON derives from Javascript there is JSON parser support in other languages. The posting goes over pro's and con's of using JSON or XML. It appears in this analysis that the big primo advantage of JSON is that browsers have an easier time using it, since XML support on browsers is "spotty" and XML support anywhere means using the DOM model which is a bit klunky. However XML has some glaring advantages what with XPath and XSLT offering powerful ways to sift through XML datasets and transform them to other formats.
Suggests to me a model of using XML for server-server interchange, and then using XSLT to transform it to JSON when squirting data to a browser.
But then he gets to security. JSON relies on using eval() to run javascript commands and that squirts out a javascript object. Um.. that looks like a gaping security problem because that JSON could contain anything and a nefarious website operator (phishing anyone?) could wreak havoc. Maybe.
He does claim that XML data is secure because There is never a possibility that parsing XML data will result in code being executed. ... uh, gee, I have been looking at SVG files recently and the W3C official SVG test suite contains SVG files that use Javascript to do animation. It appears to me that in some instances XML files do contain executable code.
David Herron:
David Herron is a writer and software engineer focusing on the wise use of technology. He is especially interested in clean energy technologies like solar power, wind power, and electric cars. David worked for nearly 30 years in Silicon Valley on software ranging from electronic mail systems, to video streaming, to the Java programming language, and has published several books on Node.js programming and electric vehicles.
