Is the escaping provided by the Google-Gson library enough to ensure a safe JSON payload?
Posted by Lifetime_Learner on Programmers
Published on 2012-11-16T15:30:27Z
I am currently using the Google-Gson library to convert Java objects into JSON inside a web service.
Once the object has been converted to JSON, it is returned to the client to be converted into a JSON object using the JavaScript eval() function. Is the character escaping provided by the Gson library enough to ensure that nothing nasty will happen when I run the eval() function on the JSON payload?
Do I need to HTML Encode the Strings in the Java Objects before passing them to the Gson library? Are there any other security concerns that I should be aware of?
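An added example, not part of the original post, of the client side of the question: the response is parsed with JSON.parse rather than eval(), and HTML encoding is applied when a value is written into markup, because JSON string escapes decode back to the raw characters on parse. The function names and both sample payloads are constructed for illustration.

```javascript
// Added example: client-side handling of a JSON response without eval().
// Function names and the sample payloads are constructed for illustration.

// Parse a response body as data only. JSON.parse never executes code:
// anything that is not strictly JSON raises SyntaxError.
function parseServiceResponse(text) {
  try {
    return { ok: true, value: JSON.parse(text) };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// Encode a string for an HTML text or quoted-attribute context.
// Applied at the point of output, not before serialization on the server.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Constructed sample 1: well-formed JSON whose string value contains markup.
// The \u003c / \u003e sequences are ordinary JSON string escapes.
const wellFormed = '{"name":"\\u003cb\\u003eAlice\\u003c/b\\u003e","id":7}';

// Constructed sample 2: a body that is a JavaScript expression, not JSON.
// eval() would run it as code; JSON.parse refuses it.
const notJson = '({"id": 7, "t": Date.now()})';

function demo() {
  const good = parseServiceResponse(wellFormed);
  const bad = parseServiceResponse(notJson);
  return {
    name: good.value.name,                 // escapes decoded back to raw markup
    rendered: escapeHtml(good.value.name), // safe to place in an HTML context
    badOk: bad.ok,
    badError: bad.error,
  };
}

console.log(demo());
```

The parsed `name` is the raw string again, so the encoding step belongs wherever the value is inserted into a page; inserting it as text (for example via `textContent`) avoids the need for manual encoding.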
© Programmers or respective owner