JSON is not as safe as people think it is. Joe Walker reminds us that even authenticated JSON served without a callback or variable assignment is vulnerable to CSRF in Firefox, thanks to that browser letting you redefine the Array constructor.
Recent articles
- LLM 0.22, the annotated release notes - 17th February 2025
- Run LLMs on macOS using llm-mlx and Apple's MLX framework - 15th February 2025
- URL-addressable Pyodide Python environments - 13th February 2025