Is using advanced constructs (function, new, function calls) in JSON safe?

Posted by Vilx- on Stack Overflow See other posts from Stack Overflow or by Vilx-
Published on 2010-04-19T13:08:43Z Indexed on 2010/04/19 13:13 UTC
Read the original article Hit count: 223

Filed under:

JSON

|

standards

JSON is a nice way to pass complex data from my server side code to client side JavaScript. For example, in PHP I can write:

<script type="text/javascript>
    var MyComplexVariable = <?= BigFancyObjectGraph.GetJSON() ?>;
    DoMagic(MyComplexVariable);
</script>

This is pretty cool, but sometimes you want to pass more than basic date, like dates or even function definitions. There is a simple and straightforward way of doing it too, like:

<script type="text/javascript>
    var MyComplexVariable = {
        'SimpleProperty' : 42,
        'FunctionProperty' : function()
         {
             return 6*7;
         },
         'DateProperty' : new Date(989539200000),
         'ArbitraryProperty' : GetTheMeaningOfLifeUniverseAndEverything()
    };
    DoMagic(MyComplexVariable);
</script>

And this works like a charm on all browsers I've seen so far. But according to JSON.org such syntax is invalid. On the other hand, I've seen this syntax being used in very many places, including some popular JavaScript frameworks. So...

Can I expect any problems if I use "unsupported" JSON features like the above? Why is it wrong or not?

© Stack Overflow or respective owner

Related posts about JSON

Using JSON.NET for dynamic JSON parsing

as seen on West-Wind - Search for 'West-Wind'
With the release of ASP.NET Web API as part of .NET 4.5 and MVC 4.0, JSON.NET has effectively pushed out the .NET native serializers to become the default serializer for Web API. JSON.NET is vastly more flexible than the built in DataContractJsonSerializer or the older JavaScript serializer. The DataContractSerializer… >>> More
Azure Mobile Services: what files does it consist of?

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
Azure Mobile Services is a platform that provides a small set of functionality consisting of authentication, custom data tables, custom API’s, scheduling scripts and push notifications to be used as the back-end of a mobile application or if you want, any application or web site. As described in my… >>> More
Retrieving Json Array

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, I am trying to retrieve the values from the following url: http://rentopoly.com/ajax.php?query=Bo. I want to get the values of all the suggestions to be displayed in a list view one by one. This is how i want to do... public class AlertsAdd { public ArrayList<JSONObject> retrieveJSONArray(String… >>> More
Deserializing JSON data to C# using JSON.NET

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm relatively new to working with C# and JSON data and am seeking guidance. I'm using C# 3.0, with .NET3.5SP1, and JSON.NET 3.5r6. I have a defined C# class that I need to populate from a JSON structure. However, not every JSON structure for an entry that is retrieved from the web service contains… >>> More
Parsing nested JSON objects with JSON Framework for Objective-C

as seen on Stack Overflow - Search for 'Stack Overflow'
I have the following JSON object: { "response": { "status": 200 }, "messages": [ { "message": { "user": "value" "pass": "value", "url": "value" } ] } } I am using JSON-Framework (also tried JSON Touch) to parse through this and… >>> More

Related posts about standards

Software versioning standards

as seen on Stack Overflow - Search for 'Stack Overflow'
Are there any software versioning standards? Or i can change version of my product, when i have made some changes to it? Is there any percentage in changes, by which i can say, what version this product will have? >>> More
Coding standards

as seen on SQL Blogcasts - Search for 'SQL Blogcasts'
This post will be about coding standards. There are countless articles and blog posts related to this topic, so I know this post will not be too revealing. Yet I would like to mention a few things I came across during my work with the T-SQL code. Naming convention - there are many of them obviously… >>> More
Better Coding Standards in JavaScript 5

as seen on Internet.com - Search for 'Internet.com'
JavaScript 5 (ECMAScript 5) has just been released and it promises to bring stricter code and better coding standards to the table. To learn more about this exciting new update to the Internet's workhorse, read on. >>> More
How Portal Standards Enable Reuse

as seen on Internet.com - Search for 'Internet.com'
As an IT professional, it is likely that you have heard portal buzz words including JSR 168 and WSRP. But if you are like many, you may not understand the differences or the benefits of these complementary portal standards. >>> More
All Secure: "Keeping Current with Standards"

as seen on Oracle Technology Network - Search for 'Oracle Technology Network'
Oracle expertise in secure development practice is certified. >>> More