Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I built https://fancyjson.com in a day about 5 months ago. I've used it pretty often since. Its a fancy JSON beautifier.

It tries to compact simple objects and spaces all delimiters. It also attempts to align array children. The idea was to produce the most compact, yet still easily readable form of a JSON document.

I was creeped out when trying to find something like this online, because there are many which send your JSON document to the backend instead of doing it on the client.



Neat! just tried it with this json and it didn't do a great job:

  {
    "name": "vuejs-guide-test-1",
    "version": "0.0.1",
    "description": "My app",
    "author": "Duncan Lock <[email protected]>",
    "private": true,
    "dependencies": {
      "vue": "^2.0.5"
    },
    "devDependencies": {
      "babel-core": "^6.1.2",
      "babel-loader": "^6.1.0",
      "babel-plugin-transform-runtime": "^6.1.2",
      "babel-preset-es2015": "^6.1.2",
      "babel-preset-stage-0": "^6.1.2",
      "babel-runtime": "^6.0.0",
      "webpack": "^1.12.2",
      "webpack-dev-server": "^1.16.2"
    }
  }
this was the result:

  {
  "name": "vuejs-guide-test-1",
   "version": "0.0.1",
   "description": "My app",
   "author": "Duncan Lock ",
   "private": true,
   "dependencies": { "vue": "^2.0.5" },
   "devDependencies": 
   {
   "babel-core": "^6.1.2",
     "babel-loader": "^6.1.0",
     "babel-plugin-transform-runtime": "^6.1.2",
     "babel-preset-es2015": "^6.1.2",
     "babel-preset-stage-0": "^6.1.2",
     "babel-runtime": "^6.0.0",
     "webpack": "^1.12.2",
     "webpack-dev-server": "^1.16.2"
   }
  }


That's the same XSS vulnerability that I came to report. Here is a simplified test case:

    {"name":"<b>HELLO</b>"}




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: