Re: seemingly misleading verbiage in the documentation...

parseLenient only uses eval(), not only as a fallback. This is because JSON is stricter than JavaScript's object literal notatio: in JSON, object property names must be quoted; JS can include comments, etc. JSON.parse cannot parse those JS literal objects that do not quote property names and/or include comments, for instance.

And of course, parseLenient could execute code, including both "safe" things such as new Date(sometimestamp) and "unsafe" ones such as alert("hello") or much, much worse!

--
You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to google-web-toolkit+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.