Comment by joering2
6 years ago
There are ways to properly sanitize inputs these days so NULL becomes "NULL" (string), BUT also tons of systems moved to JSON format assuming it's safe. It is not. JSON is not binary safe and there are tons of Unicode chars that will break JSON. I was once overseeing a system that people would bring down all the time by registering usernames that the app could not properly sanitize, and they in turn were breaking the JSON format, to the halt of the whole system. I should not admit it, but using the same chars I myself broke a few YouTube channels when comments and votes were working in JSON format themselves without properly removing unsafe char codes. Good times.
No, it’s not the JSON format that is broken - it’s the parser you use for JSON that is broken.
Well, not me. More like a vast number of websites used to or still have. The assumption was all I need is JSON and it will properly format data during exchange.
Then you would be surprised it also doesn’t handle big integers well in JavaScript, too!
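
An added example, not part of any comment in this thread: it shows the two failure modes discussed above from the receiving side, hand-assembled JSON that breaks on an unescaped username, and `JSON.parse` silently rounding an integer above 2^53 - 1. The function names and the sample inputs are constructed for illustration.

```javascript
// Constructed sample input: a username containing a double quote, a backslash,
// a raw newline and U+2028 (LINE SEPARATOR).
const hostileName = 'eve"\\\n\u2028';

// Broken: JSON assembled by string concatenation, nothing is escaped.
function naiveEncode(username) {
  return '{"user":"' + username + '"}';
}

// Correct: the serializer escapes quotes, backslashes and control characters.
function safeEncode(username) {
  return JSON.stringify({ user: username });
}

// Returns the parsed value, or null when the text is not valid JSON.
function tryParse(text) {
  try {
    return JSON.parse(text);
  } catch (e) {
    return null;
  }
}

// JSON.parse maps every number to an IEEE-754 double, so integers beyond
// Number.MAX_SAFE_INTEGER are rounded without any error. This wrapper uses a
// reviver to reject such values instead of accepting a changed number.
function parseStrict(text) {
  return JSON.parse(text, (key, value) => {
    if (typeof value === 'number' && Number.isInteger(value) &&
        !Number.isSafeInteger(value)) {
      throw new RangeError('integer outside safe range at key "' + key + '"');
    }
    return value;
  });
}

// Constructed sample: the same 64-bit style id sent as a number and as a string.
const idAsNumber = '{"id":9007199254740993}';
const idAsString = '{"id":"9007199254740993"}';

console.log(tryParse(naiveEncode(hostileName)));            // parse failure
console.log(tryParse(safeEncode(hostileName)).user === hostileName);
console.log(String(JSON.parse(idAsNumber).id));             // rounded value
console.log(parseStrict(idAsString).id);                    // exact, as a string
```

Sending large identifiers as JSON strings keeps them exact in any parser; the reviver check is a guard for data that arrives as numbers anyway.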