Is parsing a submitted JSON object safe?

I have a RESTful API, built in NODE.js that does what you would expect it to: consumes data and then makes it accessible. Currently, data being submitted to my server is nested form data:

data[0][username]=...
data[0][email]=...
data[0][phone]=...
...
data[12][username]=...
data[12][email]=...
data[12][phone]=...

or as a query string

data[0][username]=...&data[0][email]=...&data[0][phone]=...

SO when I parse it on the server, I get a JS array of objects with those particular fields. What I am wondering is, is it safe for me accept a string that I can JSON.parse and the process it?

data=(some stringified json object)

I am unsure if it's possible for malicious code or anything to be included in the JSON object that would blow up my server once run through a parser

Thanks.

• funkatron.com/posts/safely-parsing-json-in-javascript.html tl;dr: use safe JSON parsers; avoid using eval.

  Robert Harvey

  – Robert Harvey

  2014年04月02日 02:38:34 +00:00

  Commented Apr 2, 2014 at 2:38
• @RobertHarvey, I think the question is what sort of mischief could be expected even if a safe JSON parser is used.

  Jeffrey Hantin

  – Jeffrey Hantin

  2014年04月02日 02:56:43 +00:00

  Commented Apr 2, 2014 at 2:56
• @JeffreyHantin You are correct, but Robert Harvey's answer is more or less exactly what I was looking for. Any additional implications are true for any data interchange system for format. Thank you both.

  rpaskett

  – rpaskett

  2014年04月02日 03:46:01 +00:00

  Commented Apr 2, 2014 at 3:46

1 Answer 1

Start asking to get answers

Find the answer to your question by asking.

Explore related questions

See similar questions with these tags.