abhisheksharma85 / gwtprojsonserializer

Automatically exported from code.google.com/p/gwtprojsonserializer
0 stars 0 forks source link

(De-)Serializer Security #35

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. General security question: see information below
2.
3.

What is the expected output? What do you see instead?
-

What version of the product are you using? On what operating system?
1.0.5-SNAPSHOT on Ubuntu

Please provide any additional information below.
Before using the JSONParser you should be aware that the JSON is safe, because 
the JSONParser uses the 'evil' eval function and could execute evil code in 
that JSON.
Here is the source: 
http://www.gwtproject.org/articles/security_for_gwt_applications.html

Do one has to check the passed JSON (for contained scripts maybe) before 
passing this JSON to your deserializer or do you make some checks, too?

Thanks

Original issue reported on code.google.com by andi089...@gmail.com on 16 Jun 2014 at 8:24