no-object-forgery

Monkeypatch JSON to distinguish parsed objects from those that originate in user code.

1.0.1
latest
Source
npm

Version published: 7 years ago

Weekly downloads: 4; increased by300%

Maintainers: 1

Weekly downloads

Created: 7 years ago

Source

Protecting against Object Forgery

JSON.parse makes it easy to unintentionally turn untrustworthy strings into untrustworthy objects which has led to problems when key pieces of infrastructure are less suspicious of objects than of strings.

This monkeypatches JSON.parse and provides an isParsedObject function that likely identifies objects that were parsed from strings that might come from an untrusted source.

See Protecting against Object Forgery"

Usage

const isParsedObject = require('no-object-forgery');

// myJsonString might come from an attacker.
const x = JSON.parse(myJsonString);

if (isParsedObject(x)) {
  // Don't treat x as privileged.
}

If you know that a string is trustworthy, you can parse an object that is not recognized as a parsed object.

JSON.parseTrusted(trustworthyJsonString);

This is not an official Google product.

Keywords

FAQs

What is no-object-forgery?

Is no-object-forgery popular?

Is no-object-forgery well maintained?

Package last updated on 07 Aug 2018

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

no-object-forgery

Protecting against Object Forgery

Usage

Keywords

Related posts

require(esm) Backported to Node.js 20, Paving the Way for ESM-Only Packages

PyPI Now Supports iOS and Android Wheels for Mobile Python Development