From 85b043572229ea67c61fac0493946cd4a7c80d19 Mon Sep 17 00:00:00 2001 From: Harley Watson Date: Tue, 9 Jan 2024 00:27:35 +0000 Subject: [PATCH] README: Replace deserialize eval with JSON.parse (#38) This updates README.md to suggest using [JSON.parse](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/JSON/parse) instead of eval to address security concerns. --- README.md | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/README.md b/README.md index 1339474..3d03c2e 100644 --- a/README.md +++ b/README.md @@ -117,15 +117,7 @@ serialize(obj, {ignoreFunction: true}); ## Deserializing -For some use cases you might also need to deserialize the string. This is explicitly not part of this module. However, you can easily write it yourself: - -```js -function deserialize(serializedJavascript){ - return eval('(' + serializedJavascript + ')'); -} -``` - -**Note:** Don't forget the parentheses around the serialized javascript, as the opening bracket `{` will be considered to be the start of a body. +For some use cases you might also need to deserialize the string. Modern browsers support using [JSON.parse](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/JSON/parse) to deserialize JSON, which protects against malicious scripts being executed through malformed JSON. ## License
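Review bot: the replacement paragraph in this hunk overstates what JSON.parse buys you and needs a caveat. The visible context line `serialize(obj, {ignoreFunction: true});` shows this module can emit functions (and by implication other non-JSON values) in its output; JSON.parse will throw on such strings rather than round-trip them, so the README should state that JSON.parse only works for output that is valid JSON, and that the eval-based deserializer was removed precisely because it executes whatever the string contains. The phrase "protects against malicious scripts being executed through malformed JSON" also misstates the risk: the danger with eval is arbitrary code execution from untrusted input, and JSON.parse removes it because it never executes code, not because it rejects malformed input. Suggest rewording to something like: "JSON.parse never executes code, so it is safe to use on untrusted input; it only accepts valid JSON, so it cannot deserialize output containing functions, regular expressions or other non-JSON values." Dropping "Modern browsers" would also be more accurate, since JSON.parse is available in every JavaScript runtime, including Node.js.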