It’s not about eval() Let say I have #password input, and I send this

Question

0

Editorial Team

Asked: May 30, 20262026-05-30T12:42:22+00:00 2026-05-30T12:42:22+00:00

It’s not about eval() Let say I have #password input, and I send this

0

It’s not about eval()

Let say I have #password input, and I send this data as a part of JSON object

var toSend = {
    text: 'hello',
    pass: $("#password").val()
};

Do I need to validate input?
Would ", you: "are hacked" be interpreted on another side of communication as single string or empty string and another property?

edit: Nothing would happen in browser environment, but if JSON would be sent over internet as plain text and parsed again?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-30T12:42:24+00:00

Editorial Team

2026-05-30T12:42:24+00:00Added an answer on May 30, 2026 at 12:42 pm

If you would do the thing you’re describing, nothing would happen, as json is being escaped (if you’re using parser (JS object -> JSON))

Nothing would happen in browser environment, but if JSON would be sent over internet as plain text and parsed again?

If you’re parsing string version (JSON) to JS object, all values are unesecaped, so you have to escape them afterwards.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

It’s not about eval() Let say I have #password input, and I send this

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply