Question

115

Alternatives to JavaScript eval() for parsing JSON

rated 0 times [ 122] [ 7] / answers: 1 / hits: 46578 / 15 Years ago, wed, june 3, 2009, 12:00:00

Quick Question. Eval in JavaScript is unsafe is it not? I have a JSON object as a string and I need to turn it into an actual object so I can obtain the data:

function PopulateSeriesFields(result) 

{

    data = eval('(' + result + ')');

    var myFakeExample = data.exampleType

}

If it helps I am using the $.ajax method from jQuery.

Thanks

Answers

Only authorized users can answer the question. Please sign in first, or register a free account.

ravenl

Add To Favorites

Follow

Total Points: 338

Total Questions: 107

Total Answers: 112

Location: Belize

Member since Mon, Jun 20, 2022

2 Years ago

answered 15 Years ago jackelyn · Accepted Answer

Well, safe or not, when you are using jQuery, you're better to use the $.getJSON() method, not $.ajax():

$.getJSON(url, function(data){

    alert(data.exampleType);

});

eval() is usually considered safe for JSON parsing when you are only communicating with your own server and especially when you use a good JSON library on server side that guarantees that generated JSON will not contain anything nasty.

Even Douglas Crockford, the author of JSON, said that you shouldn't use eval() anywhere in your code, except for parsing JSON. See the corresponding section in his book JavaScript: The Good Parts