Many a website has been zapped...
Could you elaborate? "Zapping" a web site would normally happen on the server, but how (or why) would you "eval" a JSON string server-side? As JSON is JavaScript, it can only be directly eval-ed by a JS interpreter. Sure you could run a JS interpreter server-side, but more typically, JS is used for client-side code, where eval-ing a malicious JSON string would unlikely have the effect of zapping the site... (at least it ought not be able to, as you can't really control what people do client-side anyway).
| [reply] |