My Spider Sense warns me that using eval() to parse incoming JSON is a bad idea. I'm just wondering if JSON.parse() - which I assume is a part of JavaScript and not a browser-specific function - is more secure.
JSON.parse() is safer to use because the eval() function will execute JS, whereas JSON.parse() will only process valid JSON string representations into a JavaScript value or JSON object. JSON.parse() will throw an error if invalid JSON strings are passed to it.
Malicious code: invoking eval can crash a computer. For example: if you use eval server-side and a mischievous user decides to use an infinite loop as their username. Terribly slow: the JavaScript language is designed to use the full gamut of JavaScript types (numbers, functions, objects, etc.)… Not just strings!
The eval() function in JavaScript is used to take an expression and return the string. As a result, it can be used to convert the string into JSON.
Using eval(): The eval() function can interpret and execute any JavaScript. This represents a potential security problem. Try to avoid it. It is safer to use a JSON parser to convert a JSON text to a JavaScript object.
You are more vulnerable to attacks if using eval: JSON is a subset of JavaScript and JSON.parse just parses JSON, whereas eval would leave the door open to all JS expressions.
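As an added example (not code from any of the answers above), the following JavaScript parses untrusted input with JSON.parse() and shows which inputs eval() would have accepted as JavaScript but JSON.parse() rejects; the sample strings are constructed for the demonstration.

```javascript
// Added example: parse untrusted input with JSON.parse() and treat anything
// that is not valid JSON as rejected input, instead of handing it to eval().
function parseUntrustedJson(text) {
  try {
    // JSON.parse only accepts the JSON grammar; it never executes code.
    return { ok: true, value: JSON.parse(text) };
  } catch (err) {
    // Invalid JSON (including JavaScript expressions) ends up here.
    return { ok: false, error: err.name };
  }
}

// Constructed sample inputs for the demonstration.
const samples = {
  valid: '{"username": "alice", "roles": ["user"]}',
  // Valid JavaScript, not valid JSON: eval() would run the function call.
  expression: '{"username": (function () { return "evaluated" })()}',
  // eval() accepts these as JS object literals; JSON.parse() rejects them.
  singleQuotes: "{'username': 'alice'}",
  trailingComma: '{"username": "alice",}',
};

// Returns one result per sample so the outcome can be inspected or asserted.
function runSamples() {
  const results = {};
  for (const [name, text] of Object.entries(samples)) {
    results[name] = parseUntrustedJson(text);
  }
  return results;
}

console.log(runSamples());
```

Only the `valid` sample parses; the other three fail with a SyntaxError from JSON.parse() even though eval() would have evaluated each of them as JavaScript.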