Using JavaScript eval to parse JSON
Posted
by Quandary
on Stack Overflow
See other posts from Stack Overflow
or by Quandary
Published on 2010-03-23T10:25:37Z
Indexed on
2010/03/23
10:33 UTC
Read the original article
Hit count: 323
Question: I'm using eval to parse a JSON return value from one of my WebMethods.
I prefer not to add jquery-json because the transfer volume is already quite large.
So I parse the JSON return value with eval.
Now rumors go that this is insecure. Why ?
Nobody can modify the JSOn return value unless they hack my server, in which case I would have a much larger problem anyway.
And if they do it locally, JavaScript only executes in their browser.
So I fail to see where the problem is.
Can anybody shed some light on this, using this concrete example?
function OnWebMethodSucceeded(JSONstrWebMethodReturnValue)
{
var result=eval('(' + JSONstrWebMethodReturnValue + ')')
... // Adding result.xy to a table
}
© Stack Overflow or respective owner