Coldfusion 9 serializeJSON()

Asked 10/6, 2015 at 14:37 Answered 28/9, 2017 at 20:11

Solved json coldfusion adobe coldfusion-9 cfml

Anytime that I use serializeJSON in cf9 the JSON it returns is prepended with '//'. This is pretty frustrating because even coldfusion will throw an error trying to decode that as json. For example:

var a = { stuff = 'some content' };
a = serializejSON( a ); // the content of a is now: //{"STUFF":"some content"}
b = deserializeJSON( a );

The above code will throw an error saying something like 'unable to parse character at position 1: /'. In order to make this work I have to do a string replace and swap out '' for the '//'.

I can't seem to find any information on this issue. Is this some sort of feature that I don't understand and is working as intended? Am I missing some sort of setting that fixes this?

Magnetoelectricity answered 10/6, 2015 at 14:37 Comment(3)

you can change the setting the CF Admin under Server Settings > Settings. Disable the "Prefix serialized JSON with" field – Lion 10/6, 2015 at 14:46

@MattBusche you should promote your comment to an answer. That is definitely where the // is coming from. But keep in mind that recommending to disable that setting is introducing a potential security risk. Just to make the OP and others aware. – Strontia 10/6, 2015 at 14:49

@MattBusche - Could you please update your answer to mention the security implications of disabling that feature? In case the next guy reading it does not know about it and applies it without understanding the ramifications.. – Trisyllable 10/6, 2015 at 21:3

You can disable this in the ColdFusion administrator. Go to Server Settings > Settings and uncheck Prefix serialized JSON with

There are, however, security implications if you turn this off. This helps protect your JSON data from cross-site scripting attacks and is explained more in depth in this StackOverflow answer

Lion answered 10/6, 2015 at 14:54 Comment(0)

Quick update: A guy previously submitted a bug ticket to Adobe to disable the secure JSON prefix of the SerializeJSON function in the form of an attribute..

Ticket [Fixed]

Since then Adobe obliged and added the attribute useSecureJSONPrefix onto the SerializeJSON funtion.

Documentation

That way you can keep the secure setting in ColdFusion Administrator and simply disabled it where you don't need it.

Carburetor answered 28/9, 2017 at 20:11 Comment(0)

Recommended topics

Hot tags