Recent Edits
JSON (JavaScript Object Notation) is a lightweight data-interchange format. It is easy for humans to read and write. It is easy for machines to parse and generate.
Example of using JSON in [[JavaScript]]:
<pre><code>
var object = {};
var serializedObject = '{"helloworld" : "hi"}'; // JSON string

// Set an object from a JSON serialized string.
// JSON.parse accepts only JSON; eval() would run any script found in the string.
function deserializeObject()
{
  object = JSON.parse(serializedObject);
}

// Return the object as a JSON string.
// object.toSource() is non-standard (it never worked in IE) and does not emit JSON.
function serializeObject()
{
  return JSON.stringify(object);
}
</code></pre>
As seen in a "GMail vulnerability":http://blogs.zdnet.com/Google/?p=434, CSRF (Cross-Site Request Forgery) can cause security issues for sites that use [[JSON]] heavily.
The exploit works by having you visit a page with an embedded reference to a third-party website that uses a cookie to verify your identity. In some major browsers, the cookies will be sent to the third-party site, and you may unwittingly be giving away access to private data.
Here are some ways to make the use of JSON secure in web applications:
* Unguessable values.
Embed dynamic values that cannot be guessed by a third party, either encoded in the URLs or in the parameters of a JSON request, and reject requests that do not carry them.
Another option is cookies: although a third-party site can cause your browser to send your cookies for a domain along with a request to that domain, pretty much all browsers won't allow one domain to access another's cookies.
If the third party cannot guess your value, they cannot embed a request with it.
* [[XMLHttpRequest]]
The domain security on XMLHttpRequest is more stringent than on simple script embeds. XMLHttpRequest cannot access outside domains, so if you can verify that a request came from an XMLHttpRequest, you can be sure it came from a first-party script. The way to verify this is to alter the headers on the XMLHttpRequest: a @<script>@ embed does not have this capability and thus cannot spoof the request.
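The two checks above combined in one server-side gate for a JSON endpoint, as an added example that is not part of the original page. The @X-Requested-With@ header name, the @sid@ cookie, the @token@ parameter and the HMAC construction are assumptions chosen for illustration.

```javascript
// Added example (Node.js): decide whether a JSON request is first-party.
const crypto = require('crypto');

// Assumption: a secret known only to the server.
const SERVER_SECRET = crypto.randomBytes(32);

// Unguessable value: an HMAC over the session id. First-party pages embed it
// in the URL or parameters of every JSON request they make.
function issueToken(sessionId) {
  return crypto.createHmac('sha256', SERVER_SECRET).update(sessionId).digest('hex');
}

function tokenMatches(sessionId, presented) {
  const expected = Buffer.from(issueToken(sessionId));
  const got = Buffer.from(String(presented || ''));
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  return got.length === expected.length && crypto.timingSafeEqual(expected, got);
}

// req is a plain object: { cookies: {sid}, headers: {lower-cased names}, query: {token} }
function authorizeJsonRequest(req) {
  const sid = req.cookies && req.cookies.sid;
  if (!sid) return { ok: false, reason: 'no session cookie' };
  // A <script> embed cannot set request headers, so this header is absent.
  if (req.headers['x-requested-with'] !== 'XMLHttpRequest') {
    return { ok: false, reason: 'missing XMLHttpRequest header' };
  }
  // The cookie alone proves nothing: the browser attaches it to embeds too.
  if (!tokenMatches(sid, req.query.token)) {
    return { ok: false, reason: 'missing or wrong token' };
  }
  return { ok: true, reason: 'first-party request' };
}

// Constructed sample requests (not captured traffic).
const sid = 'constructed-session-id';
const xhr = { 'x-requested-with': 'XMLHttpRequest' };
const samples = {
  firstPartyXhr: { cookies: { sid }, headers: xhr, query: { token: issueToken(sid) } },
  scriptEmbed:   { cookies: { sid }, headers: {},  query: {} },
  guessedToken:  { cookies: { sid }, headers: xhr, query: { token: 'a'.repeat(64) } },
};

for (const [name, req] of Object.entries(samples)) {
  console.log(name, authorizeJsonRequest(req));
}
```

Where the server enables CORS, a cross-origin XMLHttpRequest that sets a custom header is preflighted, so the header check holds only while the server does not approve that header for other origins.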
