How to actually recover value form stringified form?
elderapo opened this issue · 1 comments
elderapo commented
Not sure if I am dumb or just tired but I couldn't figure out how to get the actual value from the stringified/encoded input...
import devalue from "devalue";
const obj = { someDate: new Date() };
const serialized = devalue(obj); // equivalent of JSON.stringify
const parsed = ...; // equivalent of JSON.parse?
parsed.someDate.getTime();
coyotte508 commented
const parsed = (0,eval)('(' + serialized + ')');
At the bottom of the XSS mitigation section: https://www.npmjs.com/package/devalue#xss-mitigation