Skip to main content

Safely turning a JSON string into an object

Image
By User


Given a string of JSON data, how can you safely turn that string into a JavaScript object?



Obviously you can do this unsafely with something like... 





var obj = eval("(" + json + ')');


...but that leaves us vulnerable to the json string containing other code, which it seems very dangerous to simply eval.


Source: Tips4allCCNA FINAL EXAM
Labels:

Comments

  1. UserMay 19, 2012 at 2:59 AM

    JSON.org has JSON parsers for many languages including 4 different ones for Javascript. I believe most people would consider json2.js their goto implementation.

    ReplyDelete
  2. UserMay 19, 2012 at 2:59 AM

    Don't bother with that crap. If you're using jQuery just use:

    jQuery.parseJSON( jsonString );

    It's exactly what you're looking for

    http://api.jquery.com/jQuery.parseJSON/

    ReplyDelete
  3. UserMay 19, 2012 at 2:59 AM

    Why not just:

    JSON.parse(jsonString);

    ReplyDelete
  4. UserMay 19, 2012 at 2:59 AM

    I'm not sure about other ways to do it but here's how you do it in Prototype (JSON tutorial).

    new Ajax.Request('/some_url', {
    method:'get',
    requestHeaders: {Accept: 'application/json'},
    onSuccess: function(transport){
    var json = transport.responseText.evalJSON(true);
    }
    });


    Calling evalJSON() with true as the argument sanitizes the incoming string.

    ReplyDelete
  5. UserMay 19, 2012 at 2:59 AM

    If you're using jQuery, you can also just do $.getJSON(url, function(data) { });

    Then you can do things like data.key1.something, data.key1.something_else, etc.

    ReplyDelete
  6. UserMay 19, 2012 at 2:59 AM

    $.ajax({
    url: url,
    dataType: 'json',
    data: data,
    success: callback
    });



    The callback is passed the returned data, which will be a JavaScript object or array as defined by the JSON structure and parsed using the $.parseJSON() method.

    ReplyDelete
  7. UserMay 19, 2012 at 2:59 AM

    JS Guru Douglas Crockford has written a parseJSON function which you download here

    ReplyDelete
  8. UserMay 19, 2012 at 2:59 AM

    I have successfully been using json_sans_eval for a while now. According to its author, it is more secure than json2.js.

    ReplyDelete

Post a Comment

Popular posts from this blog

[韓日関係] 首相含む大幅な内閣改造の可能性…早ければ来月10日ごろ=韓国

By Unknown
Post a Comment
Read more

div not scrolling properly with slimScroll plugin

By User
I am using the slimScroll plugin for jQuery by Piotr Rochala Which is a great plugin for nice scrollbars on most browsers but I am stuck because I am using it for a chat box and whenever the user appends new text to the boxit does scroll using the .scrollTop() method however the plugin's scrollbar doesnt scroll with it and when the user wants to look though the chat history it will start scrolling from near the top. I have made a quick demo of my situation http://jsfiddle.net/DY9CT/2/ Does anyone know how to solve this problem?
1 comment
Read more

Why does this javascript based printing cause Safari to refresh the page?

By User
The page I am working on has a javascript function executed to print parts of the page. For some reason, printing in Safari, causes the window to somehow update. I say somehow, because it does not really refresh as in reload the page, but rather it starts the "rendering" of the page from start, i.e. scroll to top, flash animations start from 0, and so forth. The effect is reproduced by this fiddle: http://jsfiddle.net/fYmnB/ Clicking the print button and finishing or cancelling a print in Safari causes the screen to "go white" for a sec, which in my real website manifests itself as something "like" a reload. While running print button with, let's say, Firefox, just opens and closes the print dialogue without affecting the fiddle page in any way. Is there something with my way of calling the browsers print method that causes this, or how can it be explained - and preferably, avoided? P.S.: On my real site the same occurs with Chrome. In the ex
5 comments
Read more