Using a JSON.parse reviver to obfuscate fields

Question

I am attempting to abuse a reviver function with JSON.parse.

I basically want to make certain fields \"null\".

If I do this:

var json_data = JSON         


        

Answer 1

It has a rather interesting behavior that the entire object is included in the objects passed to the reviver.

When the entire object is passed, the key is null.

http://jsfiddle.net/sGYGM/7/

var j = '{"uuid":"62cfb2ec-9e43-11e1-abf2-70cd60fffe0e","count":1,"name":"Marvin","date":"2012-05-13T14:06:45+10:00"}';

var json_data = JSON.parse(j, function(k, v) {
    if (k === "" || k == "name") {
        return v;
    } else {
        return null;
    }
});

console.log(json_data);

As per https://developer.mozilla.org/en/JavaScript/Reference/Global_Objects/JSON/parse

The reviver is ultimately called with the empty string and the topmost value to permit transformation of the topmost value. Be certain to handle this case properly, usually by returning the provided value, or JSON.parse will return undefined.

Answer 2

Through some experimentation, it looks like a final call is made to the function where the key is an empty string and the value is the top-level object:

> JSON.parse('{"hello": "world"}', function(k, v) { console.log(arguments); return v; })
["hello", "world"]
["", Object]

So you could use:

var json_data = JSON.parse(j, function(key, value) {
  if (key == "name" || key === "") {        
    return value;
  } else {
    return null;    
  }    
});

Now, since "" does appear to be a valid JSON key, to be 100% correct it might be better to use something like:

var json_data;
JSON.parse(j, function(key, value) {
  if (key == "name") {        
    return value;
  } else if (key === "") {
    json_data = value;
    return null;
  } else {
    return null;    
  }    
});

But that might be a little bit paranoid ;)