Implement JSON methods on JS objects. This is planned for JS2.0 but I don't see a reason why it should not be added to JS1.x As far as I remember these new methods are: String.prototype.parseJSON Object.prototype.toJSONString Sub classes of Object needs to override this. Array.prototype.toJSONString String.prototype.toJSONString Other built in classes can use toString

Interesting. I'm guessing these differ from eval/uneval by refusing to eval or uneval functions, for example?

This is still being discussed for ES4, it won't make JS1.7. /be

This might be good to do in Mozilla 1.9/Firefox 3, but then we're on the slippery slope to a JS1.8... /be

*** Bug 360666 has been marked as a duplicate of this bug. ***

The JSON syntax allows arrays to be the root object. There has been an article on Ajaxian <http://ajaxian.com/archives/the-safety-of-json> that describes a way of stealing cross-domain JSON data (if the JSON is an array) by overriding the Array constructor, then pulling in the JSON with a cross-domain script tag and then capturing the generated array before it goes away. Is it possible to mitigate this attack?

nrlz, see bug 376957, "Prevent data leaks from cross-site JSON loads".

Now that Native JSON Support (bug 387522) has landed, can we set this to be on track with FF3b3? Like that ticket, getting this to land would be a huge performance win - perhaps more so, considering that this would effect thousands of web applications directly.

I am wondering if bug 408838 better serves John's needs for exposing native JSON to web content.

I'd love this personally, but time is running short for FF3 and we are way beyond new feature type stuff. If we can get a low-risk version in great - but we will not hold the release for this.

Bumping to JS1.9.

Is this a pure DUP? /be