#6805 closed bug (invalid)
RegExp test inside jQuery.parseJSON returns false positives
Reported by: | ngiesen | Owned by: | |
---|---|---|---|
Priority: | Milestone: | 1.4.3 | |
Component: | ajax | Version: | 1.4.2 |
Keywords: | Cc: | ||
Blocked by: | Blocking: |
Description
Objects and arrays with trailing comma's are let through by the testing RegExp, and even stuff like
var data = '{"foo":true,}{]';
( /[\],:{}\s]*$/.test(data.replace(/
(?:["
\/bfnrt]|u[0-9a-fA-F]{4})/g, "@")
.replace(/(?:|:|,)(?:\s*\[)+/g, "")) )
yields true.
Change History (1)
comment:1 Changed 13 years ago by
Component: | unfiled → ajax |
---|---|
Resolution: | → invalid |
Status: | new → closed |
Summary: | RegExp test inside jQuery.jsonParse returns false positives → RegExp test inside jQuery.parseJSON returns false positives |
Note: See
TracTickets for help on using
tickets.
The goal of that RegExp is to ensure that no malicious/mutating code is executed, not to recognize all invalid JSON. You can see some documentation here:
http://www.json.org/json2.js
http://api.jquery.com/jQuery.parseJSON/
It's just a matter of the specific error message thrown, which depends on the browser.