Comments on: Safe JSON

By: JavaScript Vulnerabilities – From GWT(Google web toolkit) | Little knowledge is dangerous

Thu, 29 Jul 2010 01:05:39 +0000

[...] Safe JSON [...]

By: JSON is not as safe as people think it is « Dogfeeds��IT Telescope

JSON is not as safe as people think it is « Dogfeeds��IT Telescope — Wed, 10 Jun 2009 03:44:48 +0000

[...] saw some discussion recently about using JSON for secured data, and I’m not sure that everyone understands the [...]

By: Tagz | "robubu � Safe JSON" | Comments

Tagz | "robubu � Safe JSON" | Comments — Sat, 16 May 2009 17:07:35 +0000

[...] [upmod] [downmod] robubu � Safe JSON (robubu.com) 0 points posted 10 months, 1 week ago by jeethu tags webdev json javascript [...]

By: David-Sarah Hopwood

David-Sarah Hopwood — Tue, 20 Jan 2009 07:28:34 +0000

“The attack that was used in the post you referenced relied on the JSON being in ().”

No it didn’t, as far as I can see.

By: Rob Yates

Rob Yates — Sun, 11 May 2008 23:18:50 +0000

David-Sarah,

it’s not out of date yet. The attack that was used in the post you referenced relied on the JSON being in ().

By: David-Sarah Hopwood

David-Sarah Hopwood — Wed, 07 May 2008 00:37:14 +0000

So, given http://getahead.org/blog/joe/2007/03/06/json_is_not_as_safe_as_people_think_it_is_part_2.html
isn’t the advice to use a “Serialized Object” rather than “Array” at the top-level, completely out-of-date?

By: Bram.us » My note to myself : Prototype.js vs. JSON.js : 1 - 0 (or JSON.js considered evil)

Mon, 04 Jun 2007 19:21:12 +0000

[...] with the same issues out there! Don’t get me wrong, I’m not considering JSON dangerous (is it?) as JSON greatly has improved my life as a webnerd, but merely am condemning the javascript [...]

By: Jaisen's Blog

Jaisen's Blog — Thu, 12 Apr 2007 15:37:38 +0000

Securing apps that use JSON…

Douglas Crockford (wikidpedia) wrote a blog post on the Yahoo! User Interface Blog about securing web applications that use JSON. The insecurity of JSON has been a hot topic on numerous blogs (here, here and here). In Douglas’ blog post he….

By: jpsykes » Practical CSRF and JSON Security

jpsykes » Practical CSRF and JSON Security — Wed, 21 Mar 2007 18:28:01 +0000

[...] For some reason Q1 2007 was JSON security panic quarter. The web is a light with blog posts, discussion forum hysteria, tech. articles about JSON. The debate is swinging back and forth. But what does it all mean, what is CSFR. [...]

By: jpsykes » From March 14th to March 15th I looked at…

jpsykes » From March 14th to March 15th I looked at… — Tue, 20 Mar 2007 17:19:36 +0000

[...] Safe JSON [...]