
Question

I am currently using the Google-Gson library to convert Java objects into JSON inside a web service.

Once the object has been converted to JSON, it is returned to the client to be converted into a JSON object using the JavaScript eval() function. Is the character escaping provided by the Gson library enough to ensure that nothing nasty will happen when I run the eval() function on the JSON payload?

Do I need to HTML Encode the Strings in the Java Objects before passing them to the Gson library? Are there any other security concerns that I should be aware of?

Explanation / Answer

No, Gson is not meant to be used to securely encode JSON in all possible cases. Instead, use a library dedicated to parsing JSON securely. JSON.parse is a good example.