[issue41998] JSON Encoder Injection Using Indent

2020-10-10 Thread Dustin Moriarty
Dustin Moriarty added the comment: Sounds good. If this is the design intent, then we can close the issue. -- resolution: -> not a bug; stage: -> resolved; status: open -> closed

[issue41998] JSON Encoder Injection Using Indent

2020-10-10 Thread Serhiy Storchaka
Serhiy Storchaka added the comment: The code works as expected. I do not think there is a problem with the json module. If some application accepts user input and uses it without validation to control the formatting of sensitive data, it is a vulnerability in this application, not in tools wh

[issue41998] JSON Encoder Injection Using Indent

2020-10-10 Thread Dustin Moriarty
New submission from Dustin Moriarty: It is possible to inject data while encoding json when a string is passed to the indent argument. Here is an example of an injection attack.

```python
import json

data = {"a": "original data"}
indent = '"b": "injected data",\n'
json_string = json.dumps(
```