0

I am currently using eval in JavaScript to convert JSON data returned from the server into an object.

eval ("myObject="+data);

I've been told that eval is 'evil' and can open up big security problems.

I'm wondering - is using eval to convert JSON data to an object the accepted practice? Or is there a better way?

Improve this question
1
  • Now I'm curious if JSON.parse wasn't a thing back then.. Commented Jan 9, 2016 at 20:57

1 Answer 1

Reset to default
1

The reason eval is considered a bad practice is that user can evaluate anything that is sent from the server. This means if you have comments forum and the user submits some JavaScript code for the comments and you eval on the client side then your website can easily be hijacked.

I like the JQuery-Json plug-in. You can check it out using the following link:

link text

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Even John Resig suggests that you use the json2.js library. It's also baked into jquery 1.4.2 as jQuery.parseJSON - if that's the only function you need (rather than parse and stringify). I'd say that jquery-json doesn't really have a place here anymore. Also, we can't assume jQuery on a non jQuery tagged question
If Job Resig suggests to use json2.js then I am moving to json2.js from right now. Thanks!

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.