
Safely turning a JSON string into an object


Given a string of JSON data, how can you safely turn that string into a JavaScript object?



Obviously you can do this unsafely with something like...




    var obj = eval("(" + json + ')');



...but that leaves us vulnerable to the json string containing other code, which it seems very dangerous to simply eval.


Source: Tips4all

Comments

  1. JSON.org has JSON parsers for many languages including 4 different ones for JavaScript. I believe most people would consider json2.js their go-to implementation.

  2. Don't bother with that crap. If you're using jQuery just use:

    jQuery.parseJSON( jsonString );

    It's exactly what you're looking for

    http://api.jquery.com/jQuery.parseJSON/

  3. Why not just:

    JSON.parse(jsonString);

  4. I'm not sure about other ways to do it but here's how you do it in Prototype (JSON tutorial).

    new Ajax.Request('/some_url', {
      method: 'get',
      requestHeaders: {Accept: 'application/json'},
      onSuccess: function(transport) {
        var json = transport.responseText.evalJSON(true);
      }
    });


    Calling evalJSON() with true as the argument sanitizes the incoming string.

  5. If you're using jQuery, you can also just do $.getJSON(url, function(data) { });

    Then you can do things like data.key1.something, data.key1.something_else, etc.

  6. $.ajax({
      url: url,
      dataType: 'json',
      data: data,
      success: callback
    });



    The callback is passed the returned data, which will be a JavaScript object or array as defined by the JSON structure and parsed using the $.parseJSON() method.

  7. JS Guru Douglas Crockford has written a parseJSON function which you can download here

  8. I have successfully been using json_sans_eval for a while now. According to its author, it is more secure than json2.js.

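The difference between the question's eval and the JSON.parse suggested in the comments, as an added example that is not part of the original post or its comments. The sample strings, the function names and the globalThis.sideEffectRan flag are constructed for illustration; the reviver that drops "__proto__" keys goes one step beyond what the thread discusses.

```javascript
// Constructed sample inputs (not from the original post).
const validJson = '{"user":"alice","roles":["admin","dev"]}';
// Not JSON: a comma expression with a harmless, observable side effect.
const nonJsonInput = '{"user":"alice"}, globalThis.sideEffectRan = true';
// Valid JSON with a "__proto__" key, risky if the result is later merged into other objects.
const protoJson = '{"user":"bob","__proto__":{"isAdmin":true}}';

// The question's approach: evaluates whatever expression the string contains.
function parseWithEval(text) {
  return eval("(" + text + ")");
}

// Reviver: returning undefined removes the property, at any nesting depth.
function dropProtoKey(key, value) {
  return key === "__proto__" ? undefined : value;
}

// JSON.parse accepts only the JSON grammar, so code in the string is a SyntaxError.
function parseJsonSafely(text) {
  if (typeof text !== "string") {
    return { ok: false, error: "input is not a string" };
  }
  try {
    return { ok: true, value: JSON.parse(text, dropProtoKey) };
  } catch (err) {
    if (err instanceof SyntaxError) return { ok: false, error: err.message };
    throw err; // anything else is unexpected
  }
}

// Runs the same non-JSON input through both parsers and records what happened.
function demo() {
  globalThis.sideEffectRan = false;
  parseWithEval(nonJsonInput);
  const evalRanCode = globalThis.sideEffectRan;
  globalThis.sideEffectRan = false;
  const safe = parseJsonSafely(nonJsonInput);
  return { evalRanCode, safeRejected: !safe.ok, safeRanCode: globalThis.sideEffectRan };
}

console.log(demo());
console.log(parseJsonSafely(validJson).value.roles);
console.log(Object.keys(parseJsonSafely(protoJson).value));
```
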

  Hi! I have been posted content of ccna1 final exam (latest and only question.) I will post the answer and insert image on sunday. If you care, please subscribe your email an become a first person have full test content. Subcribe now  Some question  have not content because this question have images content. So that can you wait for me? SUNDAY 1. A user sees the command prompt: Router(config-if)# . What task can be performed at this mode? Reload the device. Perform basic tests. Configure individual interfaces. Configure individual terminal lines. 2. Refer to the exhibit. Host A attempts to establish a TCP/IP session with host C. During this attempt, a frame was captured with the source MAC address 0050.7320.D632 and the destination MAC address 0030.8517.44C4. The packet inside the captured frame has an IP source address 192.168.7.5, and the destination IP address is 192.168.219.24. At which point in the network was this packet captured? leaving host A leaving ATL leaving...