Allow javascript constuctor using @JSON contribution

Brought to you by: charliehubbard

#9 Allow javascript constuctor using @JSON contribution

Status: closed

Owner: nobody

Labels: None

Priority: 5

Updated: 2012-02-02

Created: 2008-01-08

Creator: Chandra

Private: No

This patch adds constructor property to JSON annoation which is used by serializer.

For instance
@JSON(constructor = "new opensocial.Person")
public class Person implements Serializable {
...
}

will serialize this as
new opesocial.Person({...}) instead of {....}.

Chandra - 2008-01-08

flexjson.patch

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Charlie Hubbard - 2012-02-02

status: open --> closed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Charlie Hubbard - 2012-02-02

This produces invalid JSON. Embedding classes to be instantiated like this is a serious security hole. I could very easily get in the middle and send you a class to instantiate that would allow me to run remote code. For these two reasons I cannot accept this feature request and it will be closed.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link: