Is the escaping provided by the Google-Gson library enough to ensure a safe JSON payload?

Posted by Lifetime_Learner on Programmers See other posts from Programmers or by Lifetime_Learner
Published on 2012-11-16T15:30:27Z Indexed on 2012/11/16 17:16 UTC
Read the original article Hit count: 245

Filed under:
|
|
|

I am currently using the Google-Gson library to convert Java objects into JSON inside a web service.

Once the object has been converted to JSON, it is returned to the client to be converted into a JSON object using the JavaScript eval() function. Is the character escaping provided by the Gson library enough to ensure that nothing nasty will happen when I run the eval() function on the JSON payload?

Do I need to HTML Encode the Strings in the Java Objects before passing them to the Gson library? Are there any other security concerns that I should be aware of?

© Programmers or respective owner

Related posts about java

Related posts about JavaScript