Using JavaScript eval to parse JSON

Posted by Quandary on Stack Overflow See other posts from Stack Overflow or by Quandary
Published on 2010-03-23T10:25:37Z Indexed on 2010/03/23 10:33 UTC
Read the original article Hit count: 323

Filed under:
|
|
|
|

Question: I'm using eval to parse a JSON return value from one of my WebMethods.

I prefer not to add jquery-json because the transfer volume is already quite large. So I parse the JSON return value with eval.
Now rumors go that this is insecure. Why ?

Nobody can modify the JSOn return value unless they hack my server, in which case I would have a much larger problem anyway.

And if they do it locally, JavaScript only executes in their browser.
So I fail to see where the problem is.

Can anybody shed some light on this, using this concrete example?

function OnWebMethodSucceeded(JSONstrWebMethodReturnValue) 
{
    var result=eval('(' + JSONstrWebMethodReturnValue + ')')
    ... // Adding result.xy to a table
}

© Stack Overflow or respective owner

Related posts about JavaScript

Related posts about JSON