As mentioned before, the use of the Parser to serialize JSON is not safe. The following code will execute:

angular.fromJson("{'res':([1,2,3]['constructor']'constructor'())}").res

If the JSON string happened to be user-supplied it would execute code. An approach similar to json.org should be used.