Headline
CVE-2022-30241: jquery.json-viewer
The jquery.json-viewer library through 1.4.0 for Node.js does not properly escape characters such as < in a JSON object, as demonstrated by a SCRIPT element.
1.4.0 • Public • Published 3 years ago
- Readme
- Explore BETA
- 0 Dependencies
- 12 Dependents
- 5 Versions
jQuery json-viewer
json-viewer is a jQuery plugin for easily displaying JSON objects by transforming them into HTML.
Features:
- Syntax highlighting
- Collapse and expand child nodes on click
- Clickable links
- Easily readable and minimal DOM structure
Check out the demo page!
Install
Copy sources from git repository, or use npm:
npm install jquery.json-viewer
Make sure jQuery is already included. Then import jquery.json-viewer.js and jquery.json-viewer.css in your HTML document:
<head>
<script src="json-viewer/jquery.json-viewer.js"></script>
<link href="json-viewer/jquery.json-viewer.css" type="text/css" rel="stylesheet">
</head>
Usage
Call the jsonViewer() method on target element and pass your JSON data in argument:
<pre id="json-renderer"></pre>
var data = {
"foobar": “foobaz”
};
$(‘#json-renderer’).jsonViewer(data);
Options
The jsonViewer method accepts an optional config object as a second argument. The supported options are:
- collapsed (boolean, default: false): all nodes are collapsed at html generation.
- rootCollapsable (boolean, default: true): allow root element to be collasped.
- withQuotes (boolean, default: false): all JSON keys are surrounded with double quotation marks ({"foobar": 1} instead of {foobar: 1}).
- withLinks (boolean, default: true): all values that are valid links will be clickable, if false they will only be strings.
Example:
$(‘#json-renderer’).jsonViewer(data, {collapsed: true, withQuotes: true, withLinks: false});
About
- Author: Alexandre Bodelot
- License: MIT License