Two of the most common security issues when using JSON in the Web:
1, cross-site request forgery;
That is CSRF, is a way of using the site to attack the user's browser trust. Typical is the JSON array, more information please self-surfing Baidu.
2, cross-site scripting attacks.
is an injection attack, a common security vulnerability when using JSON typically occurs when JavaScript obtains a JSON string from the server and translates it into a JavaScript object.
Here are three things to keep in mind when locating JSON security issues:
First, do not use top-level arrays. Top-level arrays are legitimate JavaScript scripts that can be linked and used with <scirpt> tags;
Second, for resources that you do not want to expose, only HTTP POST method requests are allowed, not the Get method. The Get method can be requested via a URL, and can even be placed in a <script> tag.
Third, use Json.parse () instead of Eval (). The eval () function compiles and executes the incoming string, which makes your code vulnerable to attack. You should use only Json.parse () to parse JSON data.
For more JSON security issues, Internet access is believed to be more.
Security issues in JSON