deac/jquery
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Back out the try/catch logic from around JSON.parse. We should always try to use it, otherwise security will suffer.

Browse source
This commit is contained in:
jeresig 2010-01-07 11:54:26 -05:00
parent c68fbc2071
commit c14fa516ae
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
src/ajax.js
View file

@ -578,10 +578,10 @@ jQuery.extend({
// Get the JavaScript object, if JSON is used. // Get the JavaScript object, if JSON is used.
if ( type === "json" || !type && ct.indexOf("json") >= 0 ) { if ( type === "json" || !type && ct.indexOf("json") >= 0 ) {
// Try to use the native JSON parser first // Try to use the native JSON parser first
try { if ( window.JSON && window.JSON.parse ) {
data = JSON.parse( data ); data = window.JSON.parse( data );
} catch(e) { } else {
data = (new Function("return " + data))(); data = (new Function("return " + data))();
} }
} }