The difference between JSON.parse and eval


Both JSON.parse and eval can parse a string into a JSON object, but there is a big difference between them.

Test code

  var A = "{ a: 1, B: 'Hello' }";
  var B = "{ 'a': 1, 'B': 'Hello' }";
  var C = "{ 'A': 1, 'B': 'Hello' }";
  var D = ' {"A":  1, "B": "Hello"} ';
  var E = ' {"A": 1, "B": "Hello"} ';
  var F = ' {"A": 1, \n  "B": "Hello"} ';
  var G = ' {"A": 1, "B": window.location.href = "https://www.baidu.com"} ';

  

JSON.parse execution:

Example: JSON.parse(A);

A, B, C and G cannot be converted; D, E and F can.

eval execution:

Example: eval("(" + A + ")");

A through G can all be converted. With G in particular, the page also navigated to Baidu.

JSON.parse

As the example above shows, this method can only parse a string in which property names are wrapped in double quotation marks, and it ignores line breaks and spaces (outside values).

The complete conditions for a JSON string that can be parsed, taken from MDN's description of JSON, are as follows:

| JavaScript type | Difference in JSON |
| --- | --- |
| Objects and arrays | Property names must be wrapped in double quotation marks; the last property cannot be followed by a comma. |
| Numbers | Leading zeros are not allowed (they are ignored by JSON.stringify and cause JSON.parse to throw an error); a decimal point must be followed by at least one digit. |
| Strings | Only a limited set of characters can be escaped; some control characters are not allowed, but the Unicode line separator (U+2028) and paragraph separator (U+2029) are allowed; strings must be enclosed in double quotation marks. |

This method also detects syntax errors in the JSON, and lets you pass in a function that filters or transforms the parsed result.

Browser compatibility: IE8+

eval

The eval function evaluates a string of JavaScript code and returns the resulting value, so parsing a string into a JSON object is just one of the things it can do.

Why does the JSON string have to be wrapped in parentheses when eval() parses it?

There are two reasons:

1. A JSON object begins and ends with "{}", which JS treats as a statement block.

2. The parentheses make the string be processed as an expression rather than executed as a statement.

Example:

For the object literal {}, if the enclosing parentheses are omitted, eval treats the braces as the start and end of a JS block, so {} is considered an empty statement.

  alert(eval("{}"));   // returns undefined
  alert(eval("({})")); // returns an object, displayed as [object Object]

Not recommended

The demo shows that eval is more capable than JSON.parse, since it can parse non-standard JSON strings. But example G also shows that eval is unsafe, especially when the data comes from a third party and you do not know what it will do once it is passed to eval.

So the conclusion is to use JSON.parse to parse JSON.
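The contrast between the two parsers can be reproduced outside a browser. The following is an added example, not code from the original article: the inputs are constructed strings modelled on test cases A, B, D, F and G, and `safeParse`, `evalWithStubWindow` and `acceptedByJsonParse` are hypothetical helper names. A stub object stands in for `window` so the side effect of evaluating G is visible without any navigation.

```javascript
// Constructed inputs modelled on the article's test strings (A, B, D, F, G).
const samples = {
  A: "{ a: 1, b: 'Hello' }",                   // unquoted property names
  B: "{ 'a': 1, 'b': 'Hello' }",               // single-quoted names
  D: ' {"a": 1, "b": "Hello"} ',               // strict JSON
  F: ' {"a": 1, \n "b": "Hello"} ',            // newline between tokens
  G: ' {"a": 1, "b": window.location.href = "https://www.baidu.com"} ',
};

// Hypothetical helper: parse untrusted text without throwing to the caller.
// The optional reviver is JSON.parse's own second argument.
function safeParse(text, reviver) {
  try {
    return { ok: true, value: JSON.parse(text, reviver) };
  } catch (err) {
    return { ok: false, error: err.name }; // "SyntaxError" for bad JSON
  }
}

// Hypothetical helper: evaluate the text as code, the way eval("(" + s + ")")
// does, with a stub object standing in for the browser's window so the
// side effect can be observed instead of navigating anywhere.
function evalWithStubWindow(text) {
  const window = { location: { href: "about:blank" } };
  const value = new Function("window", "return (" + text + ");")(window);
  return { value, href: window.location.href };
}

// Which samples does JSON.parse accept?
function acceptedByJsonParse() {
  return Object.keys(samples).filter((name) => safeParse(samples[name]).ok);
}

console.log("JSON.parse accepts:", acceptedByJsonParse());
console.log("G via JSON.parse:", safeParse(samples.G));
console.log("G via code evaluation:", evalWithStubWindow(samples.G));
```

JSON.parse rejects G before any part of it runs, while code evaluation performs the assignment and only then returns the object.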

$.parseJSON

jQuery also provides a way to parse JSON strings, $.parseJSON. In current jQuery versions, its behavior falls into two categories.

2.x and 3.x versions: $.parseJSON uses JSON.parse directly.

1.x versions: if the browser supports JSON.parse, that is used. If it does not, the string is validated and, once it is confirmed to be a JSON string,

  (Function("return " + str))()

is used to return an object; otherwise an invalid JSON error is returned.

PS: Function can be used here only because the string has been validated and confirmed to be a JSON string; otherwise it is not a safe conversion method.

Summary

Using eval to parse JSON strings is strongly discouraged, but nothing is absolute: if the data comes from a trusted source and its format is not very standard, using it is not out of the question.

Reference documents

1. https://developer.mozilla.org/zh-CN/docs/Web/JavaScript/Reference/Global_Objects/JSON

2. https://code.jquery.com/jquery-1.12.4.js


This article is a reprint. Original address: http://www.cnblogs.com/lovesong/p/6036650.html
