Bytes IT Community

Json+ajax

dmjpro
100+
P: 2,476
Recently I came to know that it's better to generate some JSON instead of plain HTML when I am calling AJAX.
But today I read that the usage of eval is dangerous while I am processing the AJAX JSON response using eval.
I could not get the point. Could you please explain it to me?
Aug 14 '08 #1
5 Replies


acoder
Expert Mod 15k+
P: 16,027
It's dangerous when the server doesn't validate properly and delivers invalid JSON. You could use a JSON parser instead of eval. See this link for more information.
Aug 15 '08 #2

rnd me
Expert 100+
P: 427
actually, there is little danger in eval'ing json from ajax.

ajax only works on your site, which presumably you control, and thus it will never spit out malicious code as long as you scrub any user-generated content.


the danger is when fetching third-party data in json from external sites that you DO NOT control. you are at the mercy of the data source as to the safety of the code.

personally,
i think this issue is largely theoretical and over-hyped. most json apis are run by reputable sites like digg, flickr, and delicious. i don't see them enterprising to hacking anytime soon.
Aug 15 '08 #3

dmjpro
100+
P: 2,476
> It's dangerous when the server doesn't validate properly and delivers invalid JSON. You could use a JSON parser instead of eval. See this link for more information.
Invalid JSON means what?
Could I know that?
Aug 15 '08 #4

acoder
Expert Mod 15k+
P: 16,027
> actually, there is little danger in eval'ing json from ajax.
>
> ajax only works on your site, which presumably you control, and thus it will never spit out malicious code as long as you scrub any user-generated content.
unless you happen to be using a web proxy.

> the danger is when fetching third-party data in json from external sites that you DO NOT control. you are at the mercy of the data source as to the safety of the code.
>
> personally,
> i think this issue is largely theoretical and over-hyped. most json apis are run by reputable sites like digg, flickr, and delicious. i don't see them enterprising to hacking anytime soon.
You're probably correct, but it's always better to be safe than sorry.
Aug 16 '08 #5

acoder
Expert Mod 15k+
P: 16,027
> Invalid JSON means what?
> Could I know that?
It can't be parsed properly and doesn't follow the syntax as described here. As rnd me mentioned though, this could be theoretical, but I wouldn't take any chances.
Aug 16 '08 #6
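
The difference between eval and a JSON parser discussed in this thread, as an added example that is not code from any of the posters. It assumes the native `JSON.parse` found in current browsers and Node.js as the JSON parser; the sample bodies and the `sideEffectRan` flag are constructed for illustration.

```javascript
// Constructed sample response bodies (not taken from the thread).
const samples = {
  valid: '{"user": "dmjpro", "posts": 2476}',
  unquotedKey: "{user: 'dmjpro'}",        // JavaScript, but not JSON
  trailingComma: '{"user": "dmjpro",}',   // JavaScript, but not JSON
  // An expression with a side effect hidden in a value position.
  sideEffect: '{"user": (globalThis.sideEffectRan = true, "x")}'
};

// The pattern under discussion: eval runs the body as JavaScript source.
function parseWithEval(body) {
  return eval('(' + body + ')');
}

// Strict parsing: the body is treated as data only; anything that is not
// JSON syntax is rejected instead of being executed.
function parseStrict(body) {
  try {
    return { ok: true, value: JSON.parse(body) };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// For each sample, record what each approach does with it.
function compare() {
  const report = {};
  for (const [name, body] of Object.entries(samples)) {
    globalThis.sideEffectRan = false;
    parseWithEval(body);
    const codeRanUnderEval = globalThis.sideEffectRan;

    globalThis.sideEffectRan = false;
    const strict = parseStrict(body);
    report[name] = {
      codeRanUnderEval,
      strictAccepted: strict.ok,
      codeRanUnderParse: globalThis.sideEffectRan
    };
  }
  return report;
}

console.log(compare());
```

Only the `valid` body is accepted by the strict parser; eval accepts all four and executes the embedded expression in the last one.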
