by euank
4524 days ago
Citation needed. There have been many vulnerabilities in YAML parsers for Ruby because they let you encode actual objects / code. JSON, despite being "JavaScript Object Notation", can't actually encode full code/objects. You only have a few datatypes: (off the top of my head) bools, strings, numbers, arrays, key/value dicts. None of these are dangerous or difficult to parse.

What you might be thinking about is the recent Ruby on Rails vulnerability which was caused by transforming JSON into YAML and then parsing the YAML. It would be more accurate to say the YAML parser was vulnerable.

Your claim that "JSON parsers are notoriously vulnerable" implies that this is a common occurrence as well, not just a single incidence. I personally don't see it as likely because JSON has pretty much no features compared to XML; the surface area is tiny.
[1] http://arstechnica.com/business/2011/12/huge-portions-of-web...
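The distinction drawn in the comment above, as an added example that is not part of the original thread: Ruby's standard `json` and `yaml` (Psych) libraries parsing untrusted input. The `Account` class and both sample documents are constructed for illustration.

```ruby
require "json"
require "yaml"

# Hypothetical application class, constructed for this example.
class Account
  attr_reader :role

  def initialize
    @role = "guest"
  end
end

# Constructed sample inputs (not taken from any real incident).
JSON_DOC = '{"role": "admin", "ids": [1, 2], "active": true}'
YAML_DOC = "--- !ruby/object:Account\nrole: admin\n"

# Recursively collect the Ruby classes a parsed document contains.
def value_types(value)
  nested = case value
           when Hash  then value.flat_map { |k, v| value_types(k) + value_types(v) }
           when Array then value.flat_map { |v| value_types(v) }
           else []
           end
  ([value.class.name] + nested).uniq.sort
end

# JSON.parse only ever yields hashes, arrays, strings, numbers, booleans, nil.
def parse_json(doc)
  JSON.parse(doc)
end

# Full YAML loading: the document's tag picks the class to instantiate.
# Psych 4 made plain load restricted and moved this behaviour to unsafe_load.
def load_yaml_unrestricted(doc)
  YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(doc) : YAML.load(doc)
end

# Restricted loading: tags naming classes outside the allow-list are rejected.
def load_yaml_restricted(doc)
  YAML.safe_load(doc)
rescue Psych::DisallowedClass => e
  "rejected: #{e.class}"
end

if __FILE__ == $PROGRAM_NAME
  p value_types(parse_json(JSON_DOC))
  p load_yaml_unrestricted(YAML_DOC)
  p load_yaml_restricted(YAML_DOC)
end
```

The unrestricted load returns an `Account` whose `@role` was set by the document without `initialize` ever running, which is why untrusted YAML belongs behind `safe_load`.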