Yogesh_D

Reputation: 18764

Would you consider this JSON.parse behaviour to be a vulnerability?

If you evaluate the JavaScript snippet below, it will pop an alert box.

JSON.parse('{"sometext'-alert(document.domain,document.URL)-'":"somevalue"}');

The fix would be to make sure that the string, if coming from an untrusted source, is sanitized/escaped. However, I would have the JSON.parse method just error out, saying that this is not a valid JSON string. Why is that code being executed?

Upvotes: 0

Views: 1390

Answers (1)

T.J. Crowder

Reputation: 1074238

You can't cause that behavior if your starting point is a string. Your starting point is JavaScript code, and what you have just uses JavaScript code in the process of creating a string, exactly like this with no JSON in sight:

const str = '"sometext'-alert(document.domain,document.URL)-'"';

So no, there's no JSON-based vulnerability here. If you're running code you get from elsewhere, that's the vulnerability.

Upvotes: 1
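
The distinction drawn in the answer, as an added example that is not part of the original question or answer: the same characters are harmless when JSON.parse receives them as a string, and only execute when a template pastes them into script source. `renderUnsafe`, `renderSafe`, `run` and the `alert`/`document` stubs are hypothetical names introduced here so the behaviour can be observed outside a browser.

```javascript
// Constructed sample: the fragment from the question, held as data, not source.
const fragment = "sometext'-alert(document.domain,document.URL)-'";

// Hypothetical template that pastes untrusted text into script source.
// Its output is character-for-character the snippet from the question.
function renderUnsafe(key) {
  return `return JSON.parse('{"${key}":"somevalue"}');`;
}

// Hardened template: serialize the data first, then emit that JSON text as a
// JS string literal via JSON.stringify so quotes cannot end the literal.
// "<" is also escaped so the literal is safe inside an inline <script> block.
function renderSafe(key) {
  const json = JSON.stringify({ [key]: "somevalue" });
  const literal = JSON.stringify(json).replace(/</g, "\\u003c");
  return `return JSON.parse(${literal});`;
}

// Evaluate generated source with stubbed alert/document and record what ran.
function run(source) {
  const calls = [];
  const alertStub = (...args) => { calls.push(args); };
  const documentStub = { domain: "example.test", URL: "https://example.test/" };
  let result;
  let error = null;
  try {
    result = new Function("alert", "document", source)(alertStub, documentStub);
  } catch (e) {
    error = e.name;
  }
  return { calls: calls.length, result, error };
}

// Unsafe: alert runs while the argument expression is evaluated. The
// subtraction yields NaN, so JSON.parse does error out, but only afterwards.
const unsafe = run(renderUnsafe(fragment));

// Safe: the fragment stays inside one string literal and comes back as a key.
const safe = run(renderSafe(fragment));

// Starting from a string: JSON.parse treats every character as data.
const direct = JSON.parse(`{"${fragment}":"somevalue"}`);

console.log({ unsafe, safe, directKey: Object.keys(direct)[0] });
```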
