Thread: AJAX: eval() data
Nov 27, 2005, 15:40 #1
Is it unsafe to eval() plain text data channeled through an XMLHttpRequest object?
For example, I make a request... and the response from the server says:
var error=1;var error_msg='User not logged in';
and I pass that response through eval() to initiate those variables. I just want to know if this is a safe approach to handling data from the XMLHttpRequest object.
Nov 27, 2005, 15:53 #2
I would not recommend it.
Safety concerns aside, quite honestly, it's a pretty nasty way to pass a response. My normal method is to pass back any information via XML, and to parse it at the client end.
In this case, it might be done as:
<response type="error">
  <error message="User not logged in" />
</response>
Another option that I'm looking into is to go the JSON route, which looks pretty useful.

Only dead fish go with the flow
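
The JSON route from the reply above, shown beside the eval() approach from the question; this is an added example, not code from either poster. The function names and the `{error, error_msg}` response shape are assumptions that mirror the variable names in the question, and the sample responses are constructed.

```javascript
// Added example: treat the XMLHttpRequest response body as data, never as code.
// parseServerResponse and the {error, error_msg} shape are hypothetical.
function parseServerResponse(text) {
  let data;
  try {
    data = JSON.parse(text); // parses data only; cannot execute statements
  } catch (e) {
    throw new Error("response is not valid JSON");
  }
  if (data === null || typeof data !== "object" || Array.isArray(data)) {
    throw new Error("response must be a JSON object");
  }
  // Accept only the fields we expect, with the types we expect.
  if (!Number.isInteger(data.error)) {
    throw new Error("'error' must be an integer");
  }
  if (typeof data.error_msg !== "string") {
    throw new Error("'error_msg' must be a string");
  }
  // Copy into a fresh object so unexpected keys are dropped.
  return { error: data.error, error_msg: data.error_msg };
}

// Constructed sample responses.
const goodResponse = '{"error": 1, "error_msg": "User not logged in"}';
// The eval() format from the question, with one extra statement riding along,
// as a buggy or tampered response could contain.
const scriptResponse = "var error=1;var error_msg='x';globalThis.sideEffect=true;";

// Shows that eval() runs every statement in the body, not just the assignments.
function evalRunsExtraStatements(text) {
  delete globalThis.sideEffect;
  (0, eval)(text); // indirect eval, evaluated in the global scope
  const ran = globalThis.sideEffect === true;
  delete globalThis.sideEffect;
  return ran;
}

// True when the data-only parser refuses the body.
function isRejected(text) {
  try { parseServerResponse(text); return false; } catch (e) { return true; }
}

console.log(parseServerResponse(goodResponse));
console.log("eval ran extra statement:", evalRunsExtraStatements(scriptResponse));
console.log("parser rejected script body:", isRejected(scriptResponse));
```
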