by basil-rash 859 days ago
That's fair, though somewhat benign barring a prototype pollution vulnerability. The object still behaves the same as it would had you JSON.parse'd the same string (Object.getPrototypeOf aside).

One simple issue would be if your object looks like

x = {"__proto__": {"foo": "bar"}}

now x.foo is "bar" if that's JS code, but undefined if you JSON.parse that same object definition from a string.
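
The difference described in this reply, as an added example that is not part of the original thread: it compares the literal with `JSON.parse` of the same text, then shows that copying the parsed object with plain assignment brings the prototype change back. The helper names `inspectObject`, `naiveCopy` and `safeCopy` are hypothetical, and the input string is constructed from the snippet above.

```javascript
// Constructed sample: the same text as the object literal in the comment above.
const text = '{"__proto__": {"foo": "bar"}}';

// In an object literal, a non-computed "__proto__" key sets the prototype.
function fromLiteral() {
  return { "__proto__": { "foo": "bar" } };
}

// JSON.parse defines "__proto__" as an ordinary own data property instead.
function fromJson() {
  return JSON.parse(text);
}

// Summarise what a caller would observe on the object.
function inspectObject(obj) {
  return {
    foo: obj.foo,
    ownProtoKey: Object.prototype.hasOwnProperty.call(obj, "__proto__"),
    plainPrototype: Object.getPrototypeOf(obj) === Object.prototype,
  };
}

// Plain assignment of the "__proto__" key runs the inherited setter, so the
// copy ends up with the attacker-chosen prototype even though the parsed
// object itself was harmless.
function naiveCopy(source) {
  const target = {};
  for (const key of Object.keys(source)) {
    target[key] = source[key];
  }
  return target;
}

// Hardened copy: skip keys that reach the prototype chain and define the
// rest as own data properties rather than assigning them.
function safeCopy(source) {
  const blocked = new Set(["__proto__", "constructor", "prototype"]);
  const target = {};
  for (const key of Object.keys(source)) {
    if (blocked.has(key)) continue;
    Object.defineProperty(target, key, {
      value: source[key], writable: true, enumerable: true, configurable: true,
    });
  }
  return target;
}
```
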