replaced http://stackoverflow.com/ with https://stackoverflow.com/
Source Link

My immediate reaction to this was not positive, for a few reasons.

  1. Trying to use regex to parse complex language constructs is a bad idea. Regular expressions just aren't suitable for such constructs.
  2. Security through blacklisting is a bad idea because you will always be, by definition, one step behind the attackers. You should use a positive security model.
  3. There are a huge number of XSS filter evasion techniques that can be used on top of standard vectors. You cannot possibly detect and block them all.
  4. Javascript parsing of JSON via eval() is considered a security vulnerability.
  5. Modern browsers have support for proper native JSON parsing, via JSON.parse() and JSON.stringify().
  6. If you have to support old browsers, there is a safe JSON library you can use that does not use eval() for decoding.

All in all, your regex approach is over-engineered, insecure, misguided, and redundant. You're attempting to solve a problem that has already been solved. Don't be a Dave. Use the proper JSON parsing functions and libraries available to you.
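An added example (not part of Polynomial's answer, and not any library's code) of the positive security model the answer recommends: decode with the native JSON.parse, then check the result against an explicit whitelist of the fields and types the application expects, rejecting anything else. The PROFILE_SCHEMA, the decodeProfile and tryDecode helpers, and the sample inputs are all constructed for this illustration.

```javascript
// Added example, not code from the original answer. Everything below
// (schema, helpers, sample inputs) is constructed for illustration.

// The only message shape this decoder accepts: a small "profile" object.
const PROFILE_SCHEMA = {
  id: "number",
  name: "string",
  admin: "boolean",
};

// Decode untrusted text into a plain object with exactly the schema's fields,
// or throw. JSON.parse only ever produces data; unlike eval() it cannot run
// code that happens to be embedded in the input.
function decodeProfile(text) {
  let value;
  try {
    value = JSON.parse(text);
  } catch (e) {
    throw new Error("invalid JSON: " + e.message);
  }
  if (value === null || typeof value !== "object" || Array.isArray(value)) {
    throw new Error("expected a JSON object");
  }
  // Positive model, part 1: every expected field must be present with the
  // expected primitive type.
  for (const [key, type] of Object.entries(PROFILE_SCHEMA)) {
    if (!Object.prototype.hasOwnProperty.call(value, key)) {
      throw new Error("missing field: " + key);
    }
    if (typeof value[key] !== type) {
      throw new Error("wrong type for " + key);
    }
  }
  // Positive model, part 2: no other fields are allowed. Unknown fields are
  // rejected, not silently dropped. hasOwnProperty (rather than the `in`
  // operator) is used so inherited names such as "__proto__" or "constructor"
  // are not mistaken for schema entries.
  for (const key of Object.keys(value)) {
    if (!Object.prototype.hasOwnProperty.call(PROFILE_SCHEMA, key)) {
      throw new Error("unexpected field: " + key);
    }
  }
  // Return a fresh object built only from the whitelisted fields.
  return { id: value.id, name: value.name, admin: value.admin };
}

// Convenience wrapper: "ok" if the text is accepted, otherwise the reason.
function tryDecode(text) {
  try {
    decodeProfile(text);
    return "ok";
  } catch (e) {
    return e.message;
  }
}

// Constructed sample inputs. "jsNotJson" is valid JavaScript but not valid
// JSON: an eval()-based decoder would execute the function call, whereas
// JSON.parse rejects it with a SyntaxError before any code can run.
const SAMPLES = {
  good: '{"id": 7, "name": "alice", "admin": false}',
  jsNotJson: '{"id": 7, "name": "alice", "admin": (function () { return true; })()}',
  extraField: '{"id": 7, "name": "alice", "admin": false, "role": "root"}',
  wrongType: '{"id": "7", "name": "alice", "admin": false}',
  missingField: '{"id": 7}',
  protoKey: '{"id": 7, "name": "alice", "admin": false, "__proto__": {"admin": true}}',
};

// Stand-alone run: show how each constructed input is classified.
for (const [label, text] of Object.entries(SAMPLES)) {
  console.log(label.padEnd(13), "->", tryDecode(text));
}

module.exports = { PROFILE_SCHEMA, decodeProfile, tryDecode, SAMPLES };
```

The point of the second loop is the one the answer makes about blacklists: the decoder never tries to enumerate bad inputs, it enumerates the good ones and fails closed on everything else, including a stray "__proto__" key that JSON.parse faithfully creates as an ordinary own property.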

replaced http://meta.security.stackexchange.com/ with https://security.meta.stackexchange.com/
Source Link

Better URL
Source Link
Polynomial

Source Link
Polynomial