Message from JavaScript discussions

May 2017

— If you only use JSON.parse you should be fine though

— 

The only thing you have to do extra is validate the structure of the JSON to make sure it's what you expect

— Apparently this got fixed

— Wrapped in a try catch?

— Yes, definitely

— I guess either way you'd have to validate it server side.

— Yeah, as much as you can

— Validation on the client is for UX, not security

— Yeah. I figure it saves the server a little bit of time.

— I would simply do the first method since it reduces complexity, you can send a urlencoded form with little configuration

Message permanent page

— It is also a flat object with little room for malformed structure

— Ok.