Opened 12 years ago
Closed 11 years ago
#531 closed defect (fixed)
Don't eval() JSON responses.
| Reported by: | jng | Owned by: | madair |
|---|---|---|---|
| Priority: | P2 | Milestone: | Future |
| Component: | Core | Version: | 2.0 |
| Severity: | Major | Keywords: | |
| Cc: | Browser: | All | |
| External ID: | Operating System: | All | |
| state: | New |
Description
It's 2012, we don't have to use the insecure eval() to process JSON anymore. Most browsers support JSON.parse(). Those that don't can use a tiny shim library that provides this API
Note:
See TracTickets
for help on using tickets.
For the browsers we want to support, JSON.parse is available. Only unsupported browsers (IE7 and older) will still take the eval() route.