Luke Matuszewski
Douglas Crockford wrote:
4) Use a real JSON encoder on the server.
A Samy attack is only possible with JSON if there are two blunders in
the server implementation:
A) Don't properly validate data from the client.
B) Don't properly encode the JSON text.
If you avoid either one of those, JSON is safe. You should always
validate and encode properly. For example, taking a string from the
database and simply concatenating quotes to it does not properly
encode a JSON string. It is necessary to make sure that quotes within
it are properly escaped.
JSON.parse is for that - to be sure that received data (both on
client-side or server-side) are JSON data and nothing more.
Using JSON on client-side is extremely easy with JavaScript (and with
Perl on server-side - since Perl has very similar structures) <- it is
the main argument for me to use JSON in HTTP response which will land
in XMLHttpRequest responseText property. Using XML would require to
build algorithm to traverse data/build object. So I asked myself what
for? If I have JSON then there it is - on one hand!
Yes, using JSON parse every time when I receive data on responseText
would be necessary to build code that will not break or even do
something that I would not want it to do (see all replies above).
Another thing which made me use JSON is its Java implementation - I
can build JSONObject in Java code and build structures around it so as
a final step I use toString() - to post string to the client (UA) to
land in responseText....
And those are the two main reasons to use it - simplicity (XML needs parsing and
requires using DOM methods to access its data - well, or parsing it
manually )) ).
Best Regards.
Luke.
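
The two points made in this exchange, hand-quoted strings versus a real JSON encoder on the server and JSON.parse on the received responseText, shown as an added example that is not part of the original posts. The function names and sample strings are constructed for illustration.

```javascript
// Added example, not code from the thread. All names and values are constructed.

// Blunder B from the quoted message: wrap a stored string in quotes by hand.
function naiveEncode(name) {
  return '{"name": "' + name + '"}';
}

// A real encoder escapes quotes, backslashes and control characters.
function properEncode(name) {
  return JSON.stringify({ name: name });
}

// Client side: accept responseText only if it is JSON text; never eval() it.
function parseResponse(responseText) {
  try {
    return { ok: true, value: JSON.parse(responseText) };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// Constructed strings standing in for values read from a database.
const benign = 'Luke';
const withQuote = 'Luke", "role": "admin'; // embedded quotes alter the structure
const withNewline = 'line1\nline2';        // raw control character is illegal in a JSON string

function demo() {
  return {
    naiveBenign: parseResponse(naiveEncode(benign)),       // works only by luck
    naiveQuote: parseResponse(naiveEncode(withQuote)),     // parses, but gains a "role" key
    naiveNewline: parseResponse(naiveEncode(withNewline)), // rejected: not valid JSON
    properQuote: parseResponse(properEncode(withQuote)),   // one key, value intact
    properNewline: parseResponse(properEncode(withNewline)),
    notJson: parseResponse('alert(1)'),                    // script text is rejected, not run
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

The hand-quoted version fails in two different ways: one input is rejected by the parser, the other is accepted with a structure the server never intended, which is why both proper encoding and parsing are needed.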