1. 32
    1. 8

      Evil idea: Fingerprint the internal tech stack of a web app by taking advantage of the fact that all JSON parsers have different behavior. Sending carefully-crafted JSON payloads that will throw an error for one “valid, but odd” syntax but not another, like {"a": 0.}.

      1. 4

        This is why Postel’s law is ~~a bad idea~~ something you have to be very careful about.

        1. 2

          My version of Postel’s Law, with the benefit of hindsight: “If you accept crap, then crap is what you will get.”

    2. 2

      I’m a bit sad that this was not updated to reflect the changes after I fixed the bug the author reported against SBJson in 2016.