no way to enable "escape_slash" in the JSON engine #895

Closed
modosc opened this Issue Feb 14, 2013 · 3 comments

Projects

None yet

3 participants

Contributor
modosc commented Feb 14, 2013

this option should probably be enabled by default since it can cause potential security issues when serializing user supplied data. to enable it you need to do:

use JSON -support_by_pp;

and then make sure escape_slash => 1 is set in the options passed into to_json.

Contributor
modosc commented Feb 14, 2013

added a pull request. i didn't make this the default behavior since i'm not sure what the general dancer philosophy is about this.

Contributor
mokko commented Apr 3, 2013

is already committed: 3135001

can be closed

Owner
xsawyerx commented Apr 3, 2013

@mokko Thanks! :)

@xsawyerx xsawyerx closed this Apr 3, 2013
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment