Code On Fire Passionate About Cool Code

24Feb/100

Why a JSON parser for JavaScript?

JSON is a proper subset of JavaScript: its syntax is the JavaScript object-literal notation with the dynamic parts removed. The easiest way to turn a JSON string into a JavaScript object is therefore to hand it to eval:

var obj = eval('(' + jsonString + ')');

And therein lies the problem. eval is dangerous, especially in a Web 2.0 environment, because it executes whatever it is given: if the string being evaluated is contaminated by content you don't control, that content runs as code in your page. Even if your server-side code does the JSON encoding, data that passed through user input or a third party can still leave you with severe problems. For example, suppose the "JSON" that arrives is:

jsonString = '{a:new function(){document.body.innerHTML="This script just hijacked your page";}}';

That is not JSON at all, but eval happily executes it. That is why JSON parsers that don't make use of eval are recommended. The smallest and best one I've come across can be found at http://code.google.com/p/json-sans-eval/
