RE: X-JSON in Prototype

by Lost at 1:03 pm EST, Dec 29, 2006

Acidus wrote:

var responseHandler = function(t) {
  json = eval(t.getResponseHeader('X-JSON'));
};
new Ajax.Request('?url=backend',{onSuccess:responseHandler});

eval() is the WORST thing you can ever do in JavaScript and people who process JSON with eval() should be punched in the face.

Quoting from the great Douglas Crockford:

However, [eval()] can compile and execute any JavaScript program, so there can be security issues. The use of eval is indicated when the source is trusted. This is commonly the case in web applications when a web server is providing both the base page and the JSON data. There are cases where the source is not trusted. In particular, clients should never be trusted.

When security is a concern it is better to use a JSON parser. A JSON parser will only recognize JSON text and so is much safer:

var jsonObject = eval('(' + jsonString + ')');

You mean like that?

Ducks.

I should be doing like Prototype's evalJSON, instead, which does this:

try {
  return eval(this.header('X-JSON'));
} catch (e) {}

?
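
Added example, not part of the thread and not Prototype's code: the same X-JSON header text handled once with eval() and once with a JSON parser, to show what each accepts. The function names and the header values are constructed for illustration.

```javascript
// Added example: not code from the thread or from Prototype.
// Header values are constructed samples; function names are hypothetical.

const executed = []; // records whether header text ran as code

// The pattern under discussion: header text is compiled and run as JavaScript.
function evalHeader(headerValue) {
  return eval('(' + headerValue + ')');
}

// Parser-based handling: only JSON text is accepted, nothing is executed.
function parseHeader(headerValue) {
  if (typeof headerValue !== 'string' || headerValue === '') {
    return { ok: false, value: null, error: 'X-JSON header missing' };
  }
  try {
    return { ok: true, value: JSON.parse(headerValue), error: null };
  } catch (e) {
    // Report the failure instead of swallowing it with an empty catch.
    return { ok: false, value: null, error: e.message };
  }
}

const samples = {
  plain: '{"user":"lost","count":2}',
  // A valid JavaScript expression with a side effect; it is not JSON.
  active: '(executed.push("ran"), {"user":"lost"})',
  // Object literal syntax that eval accepts and a JSON parser does not.
  loose: "{user:'lost'}",
};

function compare() {
  const rows = {};
  for (const [name, text] of Object.entries(samples)) {
    rows[name] = { evalResult: evalHeader(text), parsed: parseHeader(text) };
  }
  return rows;
}

console.log(JSON.stringify(compare(), null, 2), executed);
```

Only the "plain" sample survives the parser; the "active" sample runs its side effect under eval() and is rejected by JSON.parse without running.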
