Can you please tell me the reason for this specific syntax structure
eval('(' + jsonString + ')')
when parsing JSON text? Crockford says "The text must be wrapped in parens to avoid tripping on an ambiguity in JavaScript's syntax." here. What does that mean?
Can we avoid it?
The eval() function in JavaScript is used to take an expression and return the string. As a result, it can be used to convert the string into JSON.
The JSON.parse() method parses a JSON string, constructing the JavaScript value or object described by the string. An optional reviver function can be provided to perform a transformation on the resulting object before it is returned.
Because JSON is derived from JavaScript and its syntax is mostly a subset of the language, it is often possible to use the JavaScript eval() function to parse JSON data.
Malicious code: invoking eval can crash a computer. For example: if you use eval server-side and a mischievous user decides to use an infinite loop as their username.
Terribly slow: the JavaScript language is designed to use the full gamut of JavaScript types (numbers, functions, objects, etc)… Not just strings!
The syntax ambiguity to which Crockford refers is that if an open curly brace is not found in an expression context, it will be recognized as a block, and not as the start of an object literal.
For example:
{"foo": "bar"} // SyntaxError
Will give you a syntax error, because it will be interpreted as a block, with a string literal "foo", and an unexpected usage of the token :.
On the other hand, the parentheses, formally called the grouping operator, can only evaluate expressions, therefore we will not have any syntax ambiguity because a block can only be expected in a statement context.
({"foo": "bar"})
Edit: @el.pescado asks an interesting question:
Can you explain why eval('{}') is undefined?
ECMAScript describes an internal type to explain the behavior of statements; it's called The Completion Specification Type.
Values of the Completion type are triples of the form (type, value, target), where type can be normal, break, continue, return, or throw. value can be any language value or empty, and target any Identifier or empty.
An empty block (the production Block : {}) explicitly returns the following completion:
Return (normal, empty, empty).
The eval function, after executing the code, and exiting the newly created execution context, checks the result completion of the evaluated code, and in Step 7 we can see that undefined is explicitly returned if the completion type is normal and the completion value is empty:
...
7- If result.type is normal and its completion value is empty, then return the value undefined.
...
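The behaviours described in the answer above, together with JSON.parse as the way to avoid the eval idiom, shown as an added example that is not part of the original question or answer. The names strategies, run and NOT_JSON, the evalRanCode flag and all sample strings are constructed for illustration.

```javascript
// Added example; every sample string below is constructed.
// (0, eval) is an indirect eval: it runs in the global scope, so the
// evaluated text cannot see local variables of the calling function.
const strategies = {
  bareEval: (text) => (0, eval)(text),                // leading '{' opens a block
  wrappedEval: (text) => (0, eval)('(' + text + ')'), // leading '{' opens an object literal
  jsonParse: (text) => JSON.parse(text),              // JSON grammar only, nothing executes
};

// Constructed input: a valid JavaScript object literal that is NOT valid
// JSON, because the value is an expression with a visible side effect.
const NOT_JSON = '{"n": (globalThis.evalRanCode = true, 1)}';

// Run one strategy on `text` and report the value or the error name,
// plus whether the side-effect flag was set while the text was processed.
function run(strategy, text) {
  globalThis.evalRanCode = false;
  let outcome;
  try {
    outcome = { ok: true, value: strategies[strategy](text) };
  } catch (e) {
    outcome = { ok: false, error: e.name };
  }
  outcome.executedCode = globalThis.evalRanCode;
  return outcome;
}

// '{"foo": "bar"}' : block + stray ':' when bare, object when wrapped
// '{}'             : empty block when bare (completion value is empty)
// '{foo: "bar"}'   : block with label foo when bare, object when wrapped
const samples = ['{"foo": "bar"}', '{}', '{foo: "bar"}', NOT_JSON];
for (const text of samples) {
  for (const name of Object.keys(strategies)) {
    console.log(name.padEnd(12), text.padEnd(44), JSON.stringify(run(name, text)));
  }
}
```

Only JSON.parse rejects both the unquoted-key literal and the text carrying an expression; the wrapped eval accepts them and evaluates whatever expression the text contains.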