A few more deviations in JSON.stringify
douglas at crockford.com
Fri Jun 5 13:35:03 PDT 2009
Oliver Hunt wrote:
> specified behaviour of the abstract operation Quote in section 15.12.3
> states that only characters with a Unicode number less than or equal to
> 0x1f should be escaped. My testing found that json2.js escapes a number
> of other ranges of characters in Unicode:
> Should json2.js be considered right in this behaviour?
There is a problem in E3 and its implementations where some characters can be
deleted. This can cause
to be replaced with
during JSON2's eval phase, which could allow evil script injection.
This is not a problem for ES5's JSON.parse.
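
Added example, not part of the original message and not json2.js code: it contrasts the Quote operation as specified in ES5 15.12.3 with a defensive variant whose output stays intact if a consumer deletes characters from the text. The function names are hypothetical, the sample string is constructed, and using Unicode category Cf (format-control characters, which ES3 removes from source text) as the set of deletable characters is an assumption, not the list of ranges from the thread.

```javascript
// Added illustration; names are hypothetical and the sample input is constructed.
const META = { '\b': '\\b', '\t': '\\t', '\n': '\\n', '\f': '\\f',
               '\r': '\\r', '"': '\\"', '\\': '\\\\' };

// \uXXXX escape for every UTF-16 code unit of s (covers surrogate pairs).
function hexUnits(s) {
  return s.split('').map(
    u => '\\u' + u.charCodeAt(0).toString(16).padStart(4, '0')).join('');
}

// Quote as specified in ES5 15.12.3: escape '"', '\' and code units <= 0x1f.
function quoteEs5(s) {
  return '"' + s.replace(/["\\\u0000-\u001f]/g,
                         c => META[c] || hexUnits(c)) + '"';
}

// Defensive variant: also escape format-control characters (category Cf),
// the assumed set that a legacy engine may delete before evaluating the text.
function quoteDefensive(s) {
  return '"' + s.replace(/["\\\u0000-\u001f]|\p{Cf}/gu,
                         c => META[c] || hexUnits(c)) + '"';
}

// Model of a legacy front end that removes Cf characters from source text.
function stripFormatChars(sourceText) {
  return sourceText.replace(/\p{Cf}/gu, '');
}

// True when the serialized text is byte-for-byte unchanged by that removal,
// i.e. what a validator approved is exactly what an evaluator would see.
function survivesStripping(jsonText) {
  return stripFormatChars(jsonText) === jsonText;
}

// Constructed sample: ZERO WIDTH JOINER, BOM and SOFT HYPHEN inside a string.
const sample = 'a\u200db\ufeffc\u00ad"d\n';

console.log(quoteEs5(sample) === JSON.stringify(sample)); // spec-conformant
console.log(survivesStripping(quoteEs5(sample)));         // text would change
console.log(survivesStripping(quoteDefensive(sample)));   // text is stable
console.log(JSON.parse(quoteDefensive(sample)) === sample);
```

Both functions produce valid JSON that parses back to the same string; only the defensive output is guaranteed to be identical before and after format-control characters are removed.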