Question

151

Eval is evil... So what should I use instead?

rated 0 times [ 154] [ 3] / answers: 1 / hits: 18757 / 16 Years ago, sat, march 14, 2009, 12:00:00

An ajax request returns me a standard JSON array filled with my user's inputs. The input has been sanitized, and using the eval() function, I can easily create my javascript object and update my page...

So here's the problem. No matter how hard I try to sanitize the inputs, I'd rather not use the eval() function. I've checked google for ways to use JSON in AJAX without eval and have ran accross a bunch of different methods...

Which one should I use? Is there a standard, proven-secure way of doing this?

Answers

Only authorized users can answer the question. Please sign in first, or register a free account.

marint

Add To Favorites

Follow

Total Points: 550

Total Questions: 105

Total Answers: 124

Location: Zambia

Member since Sat, Oct 31, 2020

4 Years ago

marint questions

1 Is it possible to remove unused imports with Prettier?

Sun, Jun 26, 22, 00:00, 2 Years ago

1 how to send a message to specific channel Discord.js

Thu, May 20, 21, 00:00, 3 Years ago

1 How do I create a card on button click?

Mon, Mar 1, 21, 00:00, 3 Years ago

1 How to make a component (popup modal) appear only once using React hooks or otherwise (React/Next js)

Mon, Jun 1, 20, 00:00, 4 Years ago

1 Flask POST request form data without refreshing page

Thu, May 28, 20, 00:00, 4 Years ago

View All

answered 16 Years ago myrap · Accepted Answer

json.org has a nice javascript library

simple usage:

JSON.parse('[{some:json}]');

JSON.stringify([{some:'json'}]);

Edit: As pointed out in comments, this uses eval if you look through its source (although it looks to be sanitized first)

to avoid it completely, look at json_parse or json-sans-eval

json2.js is insecure, json_parse.js is slow, json-sans-eval.js is non-validating