1. 32

  2. 8

    Evil idea: Fingerprint the internal tech stack of a web app by taking advantage of the fact that all JSON parsers have different behavior. Send carefully crafted JSON payloads that will throw an error for one “valid, but odd” syntax but not another, like {"a": 0.}.

    1. 4

      This is why Postel’s law is ~~a bad idea~~ something you have to be very careful about.

      1. 2

        My version of Postel’s Law, with the benefit of hindsight: “If you accept crap, then crap is what you will get.”

    2. 2

      I’m a bit sad that this was not updated to reflect the changes after I fixed the bug the author reported against SBJson in 2016.
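
On the defensive side of the fingerprinting idea raised in this thread, one mitigation is a strict front-door parse that rejects every input outside RFC 8259 with one identical response, so parser quirks further back are not observable. This is an added example, not code from any commenter or project mentioned here; `strict_parse`, `GENERIC_ERROR` and the sample payloads are constructed for illustration, and Python's standard `json` module stands in for the gate.

```python
import json

# One response body for every rejection: no parser name, offset or message leaks.
GENERIC_ERROR = {"status": 400, "error": "invalid JSON"}


def _reject_constant(name):
    # json.loads accepts NaN / Infinity / -Infinity by default; RFC 8259 does not.
    raise ValueError("non-standard constant")


def _reject_duplicates(pairs):
    # Parsers disagree on duplicate keys (first wins, last wins, error), so refuse them.
    keys = [k for k, _ in pairs]
    if len(keys) != len(set(keys)):
        raise ValueError("duplicate key")
    return dict(pairs)


def strict_parse(raw: bytes):
    """Return (True, value) for strict JSON, else (False, GENERIC_ERROR)."""
    try:
        text = raw.decode("utf-8")  # invalid UTF-8 raises a ValueError subclass
        value = json.loads(
            text,
            parse_constant=_reject_constant,
            object_pairs_hook=_reject_duplicates,
        )
    except (ValueError, RecursionError):  # syntax, BOM, encoding, nesting depth
        return False, GENERIC_ERROR
    return True, value


# Constructed sample payloads: the thread's {"a": 0.} plus other inputs parsers differ on.
SAMPLES = [
    b'{"a": 0.}',          # trailing-dot number from the comment above
    b'{"a": NaN}',         # non-standard constant
    b'{"a": 1, "a": 2}',   # duplicate key
    b'[1,]',               # trailing comma
    b'\xef\xbb\xbf{}',     # UTF-8 byte order mark
    b'{"a": 0.0}',         # well-formed
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", strict_parse(sample))
```

The gate only hides differences it is at least as strict about as every parser behind it; anything it accepts still reaches the backend parser unchanged.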