JSON rendering in Internet Explorer
In the world of Web2.0 and mash web applications, security researchers come across more and more XSS vulnerabilities that are reflected in non HTML responses.
There are a few known methods to indirectly exploit these issues:
1. Attacking the JSON parsing mechanism:
Some applications use JS evaluation functions in order to create an object from the returned JSON content. If the attacker is able to inject, for example, a quote sign, he can break out of the JS string surrounding the value and exploit the XSS through the eval function. For example: