Add an OkJson backend and remove the YAML backend

Fixes CVE-2013-0333.  The ActiveSupport::JSON::Backends::Yaml class is present but the functionality has been removed entirely.
1 parent ac94515 commit bd6dee9bb9575ab7abfde5dbc95bdd4aa0f79693 @NZKoz NZKoz committed with tenderlove Jan 23, 2013

4 comments on commit bd6dee9

After the upgrade I am seeing errors like invalid character at "NaN,\"click" when calling json = ActiveSupport::JSON.decode(response.body). Can you suggest a possible workaround?


johndouthat replied Jan 29, 2013

@tispratik To be fair, NaN isn't valid JSON, which is why OkJson doesn't like it. The old parser would convert it to a string, but that's not defined in the JSON spec. You might want to try using a different JSON backend, e.g. ActiveSupport::JSON.backend = "JSONGem" in an initializer, per NZKoz.

Thanks @johndouthat. With JSONGem I am also getting the same error: JSON::ParserError, unexpected token at 'NaN,"clicks"
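
An added example, not part of the commit or of any comment above: Ruby's `json` library rejects a bare NaN when parsing strictly and accepts it with the parser's `allow_nan: true` option. The sketch below uses that option only when strict parsing fails, then replaces non-finite floats with nil; `SAMPLE_BODY`, `scrub_non_finite` and `decode_tolerating_nan` are constructed or hypothetical names.

```ruby
require "json"

# Constructed sample body: a payload with a bare NaN, similar in shape to the
# one quoted in the thread (the real response is not shown on the page).
SAMPLE_BODY = '{"ctr": NaN, "clicks": 12, "series": [1.5, NaN]}'

# Recursively replace non-finite floats (NaN, Infinity) with nil so the
# structure can be re-serialized as valid JSON.
def scrub_non_finite(value)
  case value
  when Hash  then value.transform_values { |v| scrub_non_finite(v) }
  when Array then value.map { |v| scrub_non_finite(v) }
  when Float then value.finite? ? value : nil
  else value
  end
end

# Hypothetical helper: parse strictly first; fall back to the lenient mode
# only when strict parsing fails, and report whether the fallback was used.
# Input that is malformed in any other way still raises JSON::ParserError.
def decode_tolerating_nan(body)
  [JSON.parse(body), false]
rescue JSON::ParserError
  [scrub_non_finite(JSON.parse(body, allow_nan: true)), true]
end

if __FILE__ == $PROGRAM_NAME
  data, lenient = decode_tolerating_nan(SAMPLE_BODY)
  puts "lenient fallback used: #{lenient}"
  puts JSON.generate(data)
end
```

The returned flag lets the caller log which upstream responses are emitting non-standard JSON.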
