.I agree that putting objects inside of arrays inside of JSON can be troublesome. However, in the other direction, a valid JSON Array (or ‘JSONList’) is always a valid regular array, and I think it should be treated as such, rather than just returning typeof == ‘json’. Most of the time I create and read JSON, I don’t have to santitize it because it is internal, and I know what I’m doing.
.
Otherwise, when I’m worried about JSON input, I can use a library to parse and encode the data as I see fit. Now, I think the library should throw an error when encoding or parsing a cyclical reference as proposed in the spec, but I see no reason the ECMAScript 4 spec should include JSON over any other data format.
.
Usually it is fastest for me to translate an entire JS object into or out of JSON once, before or after transport, rather than doing a check on each individual part. JS is very fast with native objects and arrays. However if you do need a JSON object type and want to sanitize input without regex’d eval, there is this JSONLib.

For example in JavaScript:

var arr1 = [ window , document , document.body ];
var arr2 = [ 1 , {} , '3' ];

you can never call arr1.toJSONString().

Because it create a lot circular reference such as window.document.window.document.window…….which generates infinite JSONStrings.

JSON.put() should guarantee that only valid JSON type data can be set to another JSON object.

The [[Put]] method…will only accept values of type JSON, JSONList, Date, boolean, string, number, or null.

.
Excuse me? So I can’t put an array into JSON, I have to redefine my array as a new type, JSONList? …And then it loses its identity as an array, returning typeof as JSON, making it impossible to determine the difference between key/value pairs (an object) and a value list (an array)? …And I lose my array methods, and have to deal with lists only with (a redefined in code, non-native) put and push, no pop or unshift, etc.?
.
BTW, JSON stands for JavaScript Object Notation. One can not possibly “keep JSON out of JavaScript.” JSON often needs to be sanitized or used securely, just like SQL statements or any other data exchange format.
.
I’ll take uh, JavaScript’s native support for JSON, thanks. One of the strengths of JS is that everything can be expressed as an object, and therefore basically can be translated into JSON. I only want to be forced into slow safe parsing when it’s necessary for security, not every time I define a variable with JSON.