-
Notifications
You must be signed in to change notification settings - Fork 5
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add the option for ignoring the __proto__ property #7
Comments
How does the native |
JSON.parse does not worry about it) It need to handle manually and causes the performance issues. May be some people don't know about the proto property behaviour in the js and not handling this |
If Can I close? |
It's may used for any hacks. Many peoples use Object.keys for validation objects, that have been parsed by JSON, and as you know Object.keys does not returns properties from the proto |
"It's very unusual to have proto into JSON feeds. It should be stripped by serialization" |
OK, I did a bit of research and I get it: o = JSON.parse('{ "__proto__": null }'); // o instanceof Object === true
o = { "__proto__": null } // o instanceof Object === false So i-json should do the same. |
var oo ='{"prop1":"val1","__proto__" : { "hasOwnProperty":"true", "toString" : "ok" }}';
var jsO = JSON.parse(oo);
console.log(jsO.toString); the result is "ok" |
Can you do this?
It's very bad that JSON parses proto without any errors, it may cause a various bugs
The text was updated successfully, but these errors were encountered: