Closed magwo closed 5 years ago
Hrmmm... So you're saying JSON.parse(fs.readFileSync filename) works? What is a use case where someone would want to do this over just providing the filename?
Interestingly, the JSON Buffer transforms are not symmetrical:
coffee> JSON.parse JSON.stringify Buffer.from "foo"
{ type: 'Buffer', data: [ 102, 111, 111 ] }
This can be addressed with the reviver option to .parse:
reviver = (k, v) ->
  if (d = v.data) and (t = global[v.type]) and 'function' is typeof t.from
    t.from d
  else
    v
coffee> reviver = (k, v) -> if (d = v.data) and (t = global[v.type]) then t.from d else v
[Function: reviver]
coffee> JSON.parse JSON.stringify(Buffer.from "foo"), reviver
<Buffer 66 6f 6f>
coffee> _.toString()
'foo'
This would need to be hardened to make sure it doesn't somehow enable arbitrary code execution via variation of the following:
hax:
  type: VulnerableObject
  data: "stuff that VulnerableObject treats as code for some reason"
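One way to do the hardening mentioned above, as an added example that is not part of the original thread or the project's code: the type tag is resolved through an explicit allowlist instead of a lookup on global, and the payload shape is validated before anything is constructed. The names REVIVABLE, safeReviver and parseWithBuffers are hypothetical.

```javascript
// Added example (not the project's code): allowlist-based JSON reviver.
// REVIVABLE maps a "type" tag to a vetted decoder. Nothing is resolved via
// global[...], so input cannot choose which constructor gets called.
const REVIVABLE = new Map([
  ['Buffer', (data) => {
    // Buffer#toJSON emits an array of byte values; accept only that shape.
    const ok = Array.isArray(data) &&
      data.every((b) => Number.isInteger(b) && b >= 0 && b <= 255);
    return ok ? Buffer.from(data) : undefined;
  }],
]);

function safeReviver(key, value) {
  // JSON.parse also calls the reviver for null, primitives and arrays.
  if (value === null || typeof value !== 'object' || Array.isArray(value)) {
    return value;
  }
  // Require exactly the two keys that Buffer#toJSON produces.
  const keys = Object.keys(value);
  if (keys.length !== 2 || !keys.includes('type') || !keys.includes('data')) {
    return value;
  }
  if (typeof value.type !== 'string') return value;
  const decode = REVIVABLE.get(value.type);
  if (!decode) return value;            // unknown tag: leave as plain data
  const revived = decode(value.data);
  return revived === undefined ? value : revived;
}

function parseWithBuffers(text) {
  return JSON.parse(text, safeReviver);
}
```

Objects with an unknown tag, extra keys or a malformed payload come back as ordinary parsed data rather than raising, so the caller decides how to treat them.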
Closing due to lack of initiative for this issue, showing a lack of value for this issue
Otherwise could be an issue for https://github.com/groupon/cson-parser
Hello,
it seems to me that the CSON parser does not, in contrast to the JSON parser, support buffer objects as returned by for example fs.readFileSync().
Note that you only get a buffer object if you do not specify encoding: http://nodejs.org/api/fs.html#fs_fs_readfilesync_filename_encoding