Replace insecure eval() call with JSON.parse() in the

Jansson support.
author: Michael J. Bishop <mbtyke@gmail.com> 2013-07-29 16:39:51 -0400
committer: Michael J. Bishop <mbtyke@gmail.com> 2013-07-29 16:41:01 -0400
commit: 021f8eb689e6c3318416316bd3254d02970206e6 (patch)
tree: 351c34331628c62fdcbdae28a86d822587a781d8 /src
parent: 0914aca645370e8ff46324d304b8a2acb64567ec (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/library_jansson.js b/src/library_jansson.js
index 93f239fc..da8c5aa8 100644
--- a/src/library_jansson.js
+++ b/src/library_jansson.js
@@ -79,7 +79,7 @@ var LibraryJansson = {
       load: function(string, flags, error) {
         // This is potentially a security problem.
         // TODO: Make sure everything is properly escaped
-        var json_obj = eval('(' + string + ')');
+        var json_obj = JSON.parse(string);
 
         if (json_obj != null) {
           // The context is an array storing all child nodes.
author	Michael J. Bishop <mbtyke@gmail.com>	2013-07-29 16:39:51 -0400
committer	Michael J. Bishop <mbtyke@gmail.com>	2013-07-29 16:41:01 -0400
commit	021f8eb689e6c3318416316bd3254d02970206e6 (patch)
tree	351c34331628c62fdcbdae28a86d822587a781d8 /src
parent	0914aca645370e8ff46324d304b8a2acb64567ec (diff)