SitePoint Sponsor

User Tag List

Results 1 to 3 of 3
  1. #1
    SitePoint Enthusiast
    Join Date
    Dec 2007
    Posts
    66
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Question Need replacement for eval(string) -> array

    I've got a string that comes from a cookie value. The format of this string (after some minor manipulation) looks like this:

    "[['foo',[[0,1],[2,0],[3,1]]],['bar',[[2,1],[4,0]]]]"

    Here's the same string reformatted just to make it easier to view the parts:
    Code:
    [
        [
            'foo' , 
            [
                [0,1],
                [2,0],
                [3,1]
            ]
        ],
        [
            'bar' , 
            [
                [2,1],
                [4,0]
            ]
        ]
    ]
    Essentially, this string represents several nested arrays. I have no way of knowing how many items will be in any of the arrays.

    I need to convert this structure to actual arrays.

    I could do this:

    var myArray = eval(myString);

    But this is a security risk. Someone could have modified the cookie so that the resulting string would execute some malicious function.

    What's the best (safest) way to convert my string to an array?

  2. #2
    SitePoint Wizard chris_fuel's Avatar
    Join Date
    May 2006
    Location
    Ventura, CA
    Posts
    2,751
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    if you do it in JSON, you can use the parseJson code to read from a potential insecure source. In this current form, I'm not sure of what else you'd be able to do short of writing your own custom parser, or giving in and using eval.

  3. #3
    SitePoint Enthusiast
    Join Date
    Dec 2007
    Posts
    66
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    That's actually what I was planning on doing. I wanted to make sure there were no other options first. Thanks.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •