This weekend I read an interesting blog post called “JSON: The JavaScript subset that isn’t” and decided to test ColdFusion’s SerializeJSON() function to see if the “bug” existed there. It does. To reproduce, you can create a .cfm page that contains the following HTML/CF code:
1 2 3 | <script type="text/javascript"> var test = #SerializeJSON("test" & chr(8232))#; </script> |
To “fix” the bug, you can replace SerializeJSON() with SafeSerializeJSON() like this:
