As per wikipedia:
"Recent web browsers now either have or are working on native JSON encoding/decoding which removes the eval() security problem above. Native JSON is generally faster compared to the JavaScript libraries commonly used before. As of June 2009 the following browsers have or will have native JSON support:
* Mozilla Firefox 3.5+[9]
* Microsoft Internet Explorer 8[10]
* Webkit-based browsers (e.g. Google Chrome, Apple Safari)[11]"
So before June 2009, you had to use eval() to parse JSON?
Would the following code work in older browsers prior to 2009:
var myJSONObject = {“bindings”: [
{“ircEvent”: “PRIVMSG”, “method”: “newURI”, “regex”: “^http://."},
{“ircEvent”: “PRIVMSG”, “method”: “deleteURI”, “regex”: "^delete.”},
{“ircEvent”: “PRIVMSG”, “method”: “randomURI”, “regex”: “^random.*”}
]
};
As a programmer, I just want to pass some simple JSON data between applications. If I could pass it without the need to refer to a library that would be great… but is it realistic?
Thanks in advance, I know a lot of brilliant minds hang out here.
Yes that code will work, because it’s plain jane javascript. It requires interpretation by the browser javascript engine. This isn’t significantly different compared to eval.
eval/javascript interpretation is fine if you’re confident that the string to be evaluated is syntactically correct json. If you use a good library to generate the json, this shouldn’t be an issue. Validation of the values before generating the json may be desired depending on what/where those values come from.
If this is something unrealistic for your situation, then there should not be a second thought - you simply don’t want the javascript interpretor executing it as code. Either use a json library, or use other formats like xml. Same goes for if you’re doubtful of your abilities or understanding.
The var myJSONObject = {“bindings”:…} and eval(). What’s the difference?
Are the differences between browser interpretation significant?
My interest is more on the decoding side. I guess I’m basically asking, if I want my decoding to work the same on most common browsers… is a library decoder the safest bet, or is this something browsers managed to actually agree on?
Sorry, I wasn’t clear. I should have said:
Including this code via an inline or external <script> tag
var myJSONObject = {"bindings": [
{"ircEvent": "PRIVMSG", "method": "newURI", "regex": "^http://.*"},
{"ircEvent": "PRIVMSG", "method": "deleteURI", "regex": "^delete.*"},
{"ircEvent": "PRIVMSG", "method": "randomURI", "regex": "^random.*"}
]
};
Is not significantly different from using eval() on the following json string
{"bindings": [
{"ircEvent": "PRIVMSG", "method": "newURI", "regex": "^http://.*"},
{"ircEvent": "PRIVMSG", "method": "deleteURI", "regex": "^delete.*"},
{"ircEvent": "PRIVMSG", "method": "randomURI", "regex": "^random.*"}
]
}
Regardless, all browsers have excellent support for either method. This is extremely basic and fundamental javascript syntax that is very well agreed upon.