— If you only use JSON.parse you should be fine though
The only thing you have to do extra is validate the structure of the JSON to make sure it's what you expect
— Apparently this got fixed
— Wrapped in a try catch?
— Yes, definitely
— I guess either way you'd have to validate it server side.
— Yeah, as much as you can
— Validation on the client is for UX, not security
— Yeah. I figure it saves the server a little bit of time.
— I would simply do the first method since it reduces complexity, you can send a urlencoded form with little configuration
Message permanent page
— It is also a flat object with little room for malformed structure