partial-json-parser-js icon indicating copy to clipboard operation
partial-json-parser-js copied to clipboard
verified publisher icon promplate

Edge case with proto

Open jacobzim-stl opened this issue 1 year ago • 3 comments

I did some fuzz testing with this library and found an edge case.

The JSON string "{\"__proto__\": 0}" is correctly parsed by the native JSON library into { "__proto__": 0 }, but in this library it is parsed into {}.

To solve, in the parseObj function update obj[key] = value; to Object.defineProperty(obj, key, { value, writable: true, enumerable: true, configurable: true });

jacobzim-stl avatar Sep 07 '24 23:09 jacobzim-stl

Thanks! I'm not very familiar with these JavaScript features, as I simply translated my Python implementation without a deep understanding of the JavaScript specifics. Would you mind creating a PR?

CNSeniorious000 avatar Sep 08 '24 03:09 CNSeniorious000

hey @jacobzim-stl , did you find any way to correctly parse it using partial-json?

i've also encountered with a similar issue now!

shivamness avatar Mar 23 '25 14:03 shivamness

To solve, in the parseObj function update obj[key] = value; to Object.defineProperty(obj, key, { value, writable: true, enumerable: true, configurable: true });

This can solve. I didn't update the code earlier because I didn't think this was a widely occurring problem, and using Object.defineProperty might introduce a slight overhead. @ashokasec, could you share the use case where you encountered this problem?

CNSeniorious000 avatar Mar 24 '25 03:03 CNSeniorious000