Just to be perfectly clear: script injection is not a feature, it is a security vurnerabilty. And that jQuery, in an apparently rather old version, did this in its days, is no excuse to repeat the mistake in 2018.
right and what would be the best way to do that since JSON.parse doesn't work because it has a function?
I ask that because I have a very similar scenario.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
yes. this code is also used for script injection.
I have checked jquery parseJSON method in jquery library in 1.x version. It also uses this technique to parse json..
Just to be perfectly clear: script injection is not a feature, it is a security vurnerabilty. And that jQuery, in an apparently rather old version, did this in its days, is no excuse to repeat the mistake in 2018.
right and what would be the best way to do that since JSON.parse doesn't work because it has a function?
I ask that because I have a very similar scenario.