Recently I came to know that it's better to generate some JSON instead of plain HTML when I am calling AJAX.
But today I read that the usage of eval is dangerous when I process the AJAX JSON response using eval.
I could not get the point... Could you please explain it to me!
It's dangerous when the server doesn't validate properly and delivers invalid JSON. You could use a JSON parser instead of eval. See this link for more information.
actually, there is little danger in eval'ing json from ajax.
ajax only works on your site, which presumably you control, and thus it will never spit out malicious code as long as you scrub any user-generated content.
the danger is when fetching third-party data in json from external sites that you DO NOT control. you are at the mercy of the data source as to the safety of the code.
personally, i think this issue is largely theoretical and over-hyped. most json apis are run by reputable sites like digg, flickr, and delicious. i don't see them turning to hacking anytime soon.
> It's dangerous when the server doesn't validate properly and delivers invalid JSON. You could use a JSON parser instead of eval. See this link for more information.
Invalid JSON means what?
Could I know that?
> actually, there is little danger in eval'ing json from ajax.
> ajax only works on your site, which presumably you control, and thus it will never spit out malicious code as long as you scrub any user-generated content.
unless you happen to be using a web proxy.
> the danger is when fetching third-party data in json from external sites that you DO NOT control. you are at the mercy of the data source as to the safety of the code.
> personally, i think this issue is largely theoretical and over-hyped. most json apis are run by reputable sites like digg, flickr, and delicious. i don't see them turning to hacking anytime soon.
You're probably correct, but it's always better to be safe than sorry.
> Invalid JSON means what?
> Could I know that?
It can't be parsed properly and doesn't follow the syntax as described here. As rnd me mentioned though, this could be theoretical, but I wouldn't take any chances.
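To make the two points in this thread concrete (using a JSON parser instead of eval, and what "invalid JSON" means in practice), here is an added example that is not from any of the posters. The "server responses" are constructed strings, the function names (parseWithEval, parseJsonSafely, markSideEffect, getSideEffectCount) are my own, and no network request is made. eval treats the response as a JavaScript program, so any expression the response carries is executed; JSON.parse accepts only strict JSON and throws a SyntaxError on anything else, so malformed or code-bearing responses are rejected instead of run.

```javascript
// Added example, not from the original thread: eval() vs JSON.parse on
// constructed AJAX-style responses.

// A counter that lets us observe whether eval actually ran code from
// the response body. (Hypothetical helper, named for this example.)
let sideEffectCount = 0;
function markSideEffect() {
  sideEffectCount += 1;
  return sideEffectCount;
}
function getSideEffectCount() {
  return sideEffectCount;
}

// Three constructed responses a client might receive:
// 1. Well-formed JSON, the case the thread's "reputable API" argument assumes.
const validJson = '{"user":"alice","items":[1,2,3]}';
// 2. Invalid JSON: single-quoted strings and a trailing comma are legal
//    in JavaScript object literals but not in JSON.
const invalidJson = "{'user': 'alice', 'items': [1, 2, 3],}";
// 3. A response that looks like an object but carries an extra expression.
//    A JSON parser rejects it; eval runs it.
const responseWithCode = '({"user":"alice"}), markSideEffect()';

// The approach the thread warns about: eval with the classic
// parenthesis wrapper so the object literal parses as an expression.
function parseWithEval(text) {
  return eval('(' + text + ')');
}

// The approach the first reply recommends: a real JSON parser.
// Returns {ok, value} on success and {ok:false, error} otherwise, so the
// caller can treat a malformed response as a failure rather than as code.
function parseJsonSafely(text) {
  try {
    return { ok: true, value: JSON.parse(text) };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// Stand-alone demo for the reader.
function demo() {
  console.log('JSON.parse on valid JSON:', parseJsonSafely(validJson));
  console.log('JSON.parse on invalid JSON:', parseJsonSafely(invalidJson));
  console.log('JSON.parse on response with code:', parseJsonSafely(responseWithCode));
  console.log('eval on valid JSON:', parseWithEval(validJson));
  const before = getSideEffectCount();
  parseWithEval(responseWithCode);
  console.log('eval ran code from the response:', getSideEffectCount() > before);
}
demo();
```

The second response is what "invalid JSON" means in the last reply: it is a perfectly good JavaScript literal, which is exactly why eval accepts it, while JSON.parse refuses it. The third response shows the security half of the argument: with eval, whatever the response contains runs in the page with the page's privileges, whereas JSON.parse only ever produces data.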