Coldfusion 9 serializeJSON()

908 views Asked by At

Anytime that I use serializeJSON in cf9 the JSON it returns is prepended with '//'. This is pretty frustrating because even coldfusion will throw an error trying to decode that as json. For example:

var a = { stuff = 'some content' };
a = serializejSON( a ); // the content of a is now: //{"STUFF":"some content"}
b = deserializeJSON( a );

The above code will throw an error saying something like 'unable to parse character at position 1: /'. In order to make this work I have to do a string replace and swap out '' for the '//'.

I can't seem to find any information on this issue. Is this some sort of feature that I don't understand and is working as intended? Am I missing some sort of setting that fixes this?

2

There are 2 answers

0
Matt Busche On BEST ANSWER

You can disable this in the ColdFusion administrator. Go to Server Settings > Settings and uncheck Prefix serialized JSON with

There are, however, security implications if you turn this off. This helps protect your JSON data from cross-site scripting attacks and is explained more in depth in this StackOverflow answer

0
MPaul On

Quick update: A guy previously submitted a bug ticket to Adobe to disable the secure JSON prefix of the SerializeJSON function in the form of an attribute..

Ticket [Fixed]

Since then Adobe obliged and added the attribute useSecureJSONPrefix onto the SerializeJSON funtion.

Documentation

That way you can keep the secure setting in ColdFusion Administrator and simply disabled it where you don't need it.