Is JSON validation a best practice?
Is it a best practice to validate JSON?
On the server, validation of data coming from outside is a must.
In the browser, it is redundant from a security POV, if you can vouch that the JSON is generated by server code you control and that any data it depends on has been validated on the server. Even so, it can still be useful for debugging.
My 2c on this is that:
(a) Yes, obviously incoming data should be validated, but
(b) The best place to do this is NOT with JSON data as is, but with actual business logic objects, iff data binding is used. JSON validation only makes sense if you handle "raw" JSON, but most services (at least in Java) use data binding first and then operate on biz logic objects, not on data format (which often is almost an implementation detail).
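The approach from the second answer, as an added example that is not part of the original thread: untrusted JSON is bound to a business object on the server, and the rules are enforced on that object rather than on the raw JSON. Python is used here instead of the Java the answer mentions; `TransferRequest`, its fields and its limits are hypothetical.

```python
import json
from dataclasses import dataclass, fields

ALLOWED_CURRENCIES = ("EUR", "USD")  # hypothetical business rule


class ValidationError(ValueError):
    """Raised when untrusted input cannot become a valid business object."""


@dataclass(frozen=True)
class TransferRequest:  # hypothetical business object
    account_id: str
    amount_cents: int
    currency: str

    def __post_init__(self):
        # Business rules live on the object, independent of the wire format.
        if not isinstance(self.account_id, str) or not self.account_id.isalnum():
            raise ValidationError("account_id must be alphanumeric")
        # bool is a subclass of int in Python, so reject it explicitly.
        if isinstance(self.amount_cents, bool) or not isinstance(self.amount_cents, int):
            raise ValidationError("amount_cents must be an integer")
        if not 0 < self.amount_cents <= 1_000_000:
            raise ValidationError("amount_cents out of range")
        if self.currency not in ALLOWED_CURRENCIES:
            raise ValidationError("unsupported currency")


def bind_transfer(raw: str) -> TransferRequest:
    """Bind untrusted JSON text to a TransferRequest, or raise ValidationError."""
    try:
        data = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise ValidationError(f"malformed JSON: {exc.msg}") from exc
    if not isinstance(data, dict):
        raise ValidationError("top-level value must be an object")
    expected = {f.name for f in fields(TransferRequest)}
    if set(data) != expected:
        # Strict binding: no missing and no unexpected properties.
        raise ValidationError(f"fields must be exactly {sorted(expected)}")
    return TransferRequest(**data)
```

Because the checks sit in `__post_init__`, an object built by any other code path (a queue consumer, a test fixture) is held to the same rules as one bound from JSON.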