Found a good article about JSON and Browser security from Yui-Blog, and it shows you some guidelines to avoid bad practices when doing web development using JSON data format. The following are some quotes:
JSON is a data interchange format. It is used in the transmission of data between machines. Since it carries only data, it is security-neutral. The security of systems that use JSON is determined by the quality of the design of those systems. JSON itself introduces no vulnerabilities.
The web browser is a peculiar application environment. The security model of the browser was forged through a long series of foreseeable and painful blunders. Most of the holes in the browser have been plugged, but in some cases the plugs become annoyances which must be circumvented, and that circumvention leads, foreseeably and ever-painfully, to a continuing series of blunders.
This pain can be avoided by adopting good practices. Often, so-called experts seem to be incapable of distinguishing the good practices from the bad ones, so there is a lot of bad advice available on the web.
I will share here a small set of principles which can be seen to be true. If you hold to these principles, you will be much less likely to adopt bad practices.
To see the full article, visit YUIBlog