Comment #1 on issue 372 by dbjdbj: Tweak JSON implementation to conform to
ES5
http://code.google.com/p/v8/issues/detail?id=372
This can be a really BIG issue.
It is puzzling and worrying.
I am (right now) using CHROME 4.0.228.1.dev
The issue is that window.JSON.parse does allow non-standard (aka illegal)
JSON
strings to be parsed ! For example :
window.JSON.parse("{ '[]' : 1 }") // works ?!
window.JSON.parse("{ 'document.writlen(\"BANG!\")' : 1 }") // works !!
This poses a problem to cross-browser javascript library developers.
This is also a security loophole ...
Any ideas why is this allowed ?
Thanks: [email protected]
--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
