Analysis of precautions for using eval to parse JSON in JS, and jseval to parse json

Analysis of precautions for using eval to parse JSON in JS, and jseval to parse json

This article analyzes in detail the precautions for using eval to parse JSON in JS. We will share this with you for your reference. The details are as follows:

JSON strings are parsed into JSON data formats in JS. There are two methods:

1. Use the eval () function.

2. Use the Function object for return parsing.

Use the eval function to parse and use the jquery each method to traverse

The JSON data parsing method using jquery is used as the transmission object of jquery asynchronous requests. The result returned by the jquery request is a json object, which is considered in the form of a JSON string returned by the server, JSON objects encapsulated by plug-ins such as JSONObject are similar in that they are not described here.

Here we first provide a JSON string set, which is as follows:

The Code is as follows:

Var data = "{root: [{name: '1', value: '0'}, {name: '000000', value: 'beijing'}, {name: '20140901', value: 'tianjin City '}, {name: '20160301', value: 'shanghai'}, {name: '20160301', value: 'chongqing '}, {name: '000000', value: 'weinan City '}, {name: '000000', value: 'yan'an City'}, {name: '000000', value: 'hanzhong City '}, {name: '000000', value: 'yulin City'}, {name: '000000', value: 'ankang City '}, {name: '200', value: 'shangluo City '}]} ";

Here, based on the data type obtained asynchronously by jquery-json object and string, we will introduce the Processing Methods of the obtained results in two ways.

1. for the JSON string returned by the server, if the jquery asynchronous request does not provide a type description or is accepted as a string, an object processing is required. The method is not too troublesome, but the string is placed in eval (). This method is also suitable for obtaining json objects in the common ccipt mode. The following is an example:

Var dataObj = eval ("(" + data + ")"); // convert to the json object Red rose. Why do you need to add "(" + data + ")" ("+ data + ")?

The reason is: Problems with eval itself. Json starts and ends in the form of "{}". In JS, json is treated as a statement block. Therefore, it must be forcibly converted into an expression.

The purpose of parentheses is to force the eval function to forcibly convert the expressions in parentheses into objects when processing JavaScript code, rather than being executed as statements. For example, if no outer brackets are added to the object literal {}, eval identifies the braces as the start and end mark of the JavaScript code block, then {} is considered to have executed an empty statement. The following two execution results are different:

alert(eval("{}"); // return undefinedalert(eval("({})");// return object[Object]

For this method, we can see it everywhere in JS.

For example, (function () {} (); During the closure operation.

Alert (dataObj. root. length); // number of output root sub-objects $. each (dataObj. root, fucntion (idx, item) {if (idx = 0) {return true;} // output the name and value of each root sub-object alert ("name:" + item. name + ", value:" + item. value );})

Note: for General js json objects, you only need to replace the $. each () method with the for statement.

2. for the JSON string returned by the server, if the jquery asynchronous request sets the type (usually this Configuration Attribute) to "json", or the $. the getJSON () method does not need the eval () method to obtain the server response. Because the result is already a json object, you only need to call this object directly. In this example, $. the getJSON method is used as an example to describe the data processing method:

$. GetJSON ("http://www.phpzixue.cn/", {param: "gaoyusi"}, function (data) {// The data returned here is already a json object // other operations below are the same as the first case $. each (data. root, function (idx, item) {if (idx = 0) {return true; // returns false with break} alert ("name:" + item. name + ", value:" + item. value );});});

Note that the eval () method in method 1 dynamically executes the strings (which may be JavaScript scripts), which can easily cause system security problems. Therefore, some third-party client script libraries that circumvent eval () can be used. For example, JSON in JavaScript provides a script library of no more than 3 K.

The second method of parsing is to use the Function object. Its typical application is to parse the data returned by success under the AJAX method in JQUERY.

var json='{"name":"CJ","age":18}';data =(new Function("","return "+json))();

At this time, data is parsed into a json object.

I hope this article will help you design JavaScript programs.