Which is more secure, JSON or XML, and why?

I want to implement web services in Java EE whose responses will be JSON. This is my first attempt at this, but before I start I just want to know whether there are any security issues with JSON, because in many blogs I have read it is said that "JSON is not secure compared to XML." JSON has several advantages, such as ease of use and high speed.

So, can someone tell me the truth about whether JSON is really insecure or not? If so, why? Please explain with an example.

There are some old related articles:

JSON vs XML - 2006

  • refers to eval

JSON is not as secure as people think

  • The only claim for protecting non-public data accessible through JSON is the use of unique URLs.
  • CSRF (False) -
  • Array hack: JavaScript parsing by the browser.
+5
7 answers

This is nonsense. Both JSON and XML are simply methods for representing structured data. Neither of them can be considered “more secure” or “less secure”.

+19

There is no difference in security between JSON and XML. The "insecurity" that people refer to regarding JSON is related to how JSON can (but should never) be interpreted as JavaScript.

JSON is based on the syntax for encoding objects in JavaScript, so evaluating a JSON result in JavaScript returns a valid object.

This can open JSON up to various JavaScript-injection exploits.

: eval() JSON javascript, JSON , .

+10
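The eval() problem the answer above describes, as an added example that is not part of the original thread: a response that merely looks like JSON is executed as code by eval(), while JSON.parse() rejects it. The helper names (parseWithEval, parseUntrusted, recordSideEffect) and both sample responses are constructed for this example.

```javascript
// Added example, not code from the original thread. Shows why treating a
// JSON body as JavaScript source (eval) is the actual risk, and that a real
// JSON parser never executes anything.

// Records whether any code ran while "parsing" a response.
const sideEffects = { count: 0 };
function recordSideEffect() {
  sideEffects.count += 1;
  return 0;
}

// Constructed sample responses. The first is valid JSON. The second only
// looks like JSON: the value of "amount" is a function call, which the JSON
// grammar does not allow but a JavaScript evaluator happily runs.
const VALID_RESPONSE = '{"user":"alice","amount":42}';
const TAMPERED_RESPONSE = '{"user":"alice","amount":recordSideEffect()}';

// Unsafe: treats the response as JavaScript source. Whatever expression a
// compromised server or an on-path attacker puts in the body runs with the
// page's privileges.
function parseWithEval(text) {
  // The parentheses turn the object literal into an expression; this is the
  // historical idiom the answer above warns about.
  return eval("(" + text + ")");
}

// Safe: JSON.parse() accepts only the JSON grammar and executes nothing.
// Malformed input is reported as null so callers can treat "not JSON" as a
// hard failure rather than silently fall back to something looser.
function parseUntrusted(text) {
  try {
    return JSON.parse(text);
  } catch (e) {
    if (e instanceof SyntaxError) return null;
    throw e;
  }
}

// Runs both parsers over the tampered body and reports what happened.
function demo() {
  const viaEval = parseWithEval(TAMPERED_RESPONSE); // runs recordSideEffect()
  const viaJson = parseUntrusted(TAMPERED_RESPONSE); // null, nothing executed
  return {
    evalAmount: viaEval.amount,
    sideEffectsAfterEval: sideEffects.count,
    jsonResult: viaJson,
  };
}
```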

. , :

1

2

, java, php perl. json xml. json , xml . , json, xml.

+4

, , JSON .

+2

. ( - ). JSON , . JavaScript, JSON - JavaScript, JavaScript JSON .

( ) XML - . , . , , , JSON, .

, , . , , , , JSON XML.

+2

, , . , , XXE DTD. , / , XML, JSON .

https://blog.securityevaluators.com/xml-vs-json-security-risks-22e5320cf529

, XML XXE DTD, XML , .

JSON, , , JSONP Same-Origin ( CSRF), , :

.

:

, , XML JSON. , XML ; DTD . , JSON , , JSONP. - , -.

0

JSON XML . , , ?

, JSON (JavaScript Object Notation), , JavaScript , , JavaScript, JavaScript JSON , , JavaScript-, JavaScript, , , XML , , . 2 JavaScript eval() .

?

, - , , , - , .

: , , , <img> <script>, GET .

, - www.authenticatedwebsite.com, , www.malicious.com, html <script src="www.authenticatedwebsite.com/get-user-order-history" />

www.malicious.com script www.authenticatedwebsite.com.

, script, URL- src, url javascript [ , POSTing ]?

JSON XML . JavaScript JSON, JavaScript JSON JavaScript .

JSON , ?

. JSON . JavaScript Array. JavaScript. - :

Array = function(){ yourObject = this };

JavaScript Array, , JavaScript , , .

JSON .

, JSON API GET. , , , , , , GET API JSON.

, , () JSON, JavaScript . .

, JSON , eval() JSON. eval() script, JSON script, eval() , , script, . , , , eval() JSON . -, , .

0
