Skip to main content

Posts

Showing posts from December, 2012

Data leakage in JSON

A web application is sending data in this format: {"t":1,"p":1,"r":1,"rows":[{"i":0,"c":["n","H, C","A","5","T","n"]}]} this is a valid JSON, before moving on lets understand an important concept: 1. Javscript expression 2. javascript statement javscript expressions are not executed by javascript parser, but statements are: for ex: <script> {"t":1,"p":1,"r":1,"rows":[{"i":0,"c":["n","H, C","A","5","T","n"]}]} </script> this will not be executed, that is, objects won't be created. The above example is for a javascript expression. But now when it is converted into a statement as given below: <script> [{"t":1,"p":1,"r":1,"rows":[{"i":0,"c":[&qu