Rich-Harris/devalue

How to actually recover value from stringified form?

elderapo opened this issue · 1 comments

Not sure if I am dumb or just tired but I couldn't figure out how to get the actual value from the stringified/encoded input...

import devalue from "devalue";

const obj = { someDate: new Date() };

const serialized = devalue(obj); // equivalent of JSON.stringify
const parsed = ...; // equivalent of JSON.parse?
parsed.someDate.getTime();

const parsed = (0,eval)('(' + serialized + ')');

At the bottom of the XSS mitigation section: https://www.npmjs.com/package/devalue#xss-mitigation
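
An added example, not part of the thread or of devalue's own code: it recovers a value with the indirect `(0,eval)` form from the answer and shows why that form is used rather than a plain `eval` call. The serialized string is a hand-written sample in the shape devalue emits for a Date (an assumption, so the block runs without the package), and `revive`, `isJson` and `scopeVisibility` are hypothetical helper names.

```javascript
// Constructed sample: the kind of string devalue produces for
// { someDate: new Date(1700000000000) }. Written by hand here (assumption).
const serialized = "{someDate:new Date(1700000000000)}";

// Hypothetical helper. The serialized form is a JavaScript expression, so
// recovering the value means executing it. Only pass strings that your own
// code produced with devalue; anything else is arbitrary code execution.
function revive(trustedSerialized) {
  // `(0, eval)` is an indirect eval: the text runs in the global scope and
  // cannot read or rebind variables local to the calling function.
  return (0, eval)("(" + trustedSerialized + ")");
}

// The output is not JSON (unquoted keys, `new Date(...)`), so JSON.parse
// cannot be used as the inverse operation.
function isJson(text) {
  try {
    JSON.parse(text);
    return true;
  } catch {
    return false;
  }
}

// Shows the scope difference between direct and indirect eval.
function scopeVisibility() {
  const localToken = "local-only"; // constructed value, never made global
  return {
    direct: eval("typeof localToken"),        // direct eval sees the local
    indirect: (0, eval)("typeof localToken"), // indirect eval does not
  };
}

const parsed = revive(serialized);
console.log(parsed.someDate instanceof Date, parsed.someDate.getTime());
console.log(isJson(serialized), scopeVisibility());
```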