File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
Win a copy of Clojure in Action this week in the Clojure forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

eval & JSON

 
Stan James
(instanceof Sidekick)
Ranch Hand
Posts: 8791
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'm hand-throwing a bunch of AJAX & JSON code (can't use open source without a hassle) and wondered about the line I found in several JSON examples. (Had to write "evil" for "e v a l" to get by the Ranch's h4x0r filters.)

Any reason not to say ...

Two questions in one post ... sorry about this ... This is a tiny internal application so I'm not too concerned about somebody putting bogus code into my response, but I'd like to code for it anyhow. I read about putting a header on the JSON string and writing your JavaScript to pull it off before the evil(). Any other good approaches?
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64188
83
IntelliJ IDE Java jQuery Mac Mac OS X
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Stan James:

Any reason not to say ...


One could argue that the first approach makes more sense because the variable is declared "for real" and assigned the results of the evaluation, whereas the second approach embeds the variable declaration within the string which ends up with the same results but is more implicit.

Any other good approaches?


The header approach is liked because it doesn't pollute the data the way adding a property to the returned object (in JSON notation, of course) would.
 
Stan James
(instanceof Sidekick)
Ranch Hand
Posts: 8791
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks! This blog: JSON is not as safe as you think it is may put a bullet in the whole JSON idea here.
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64188
83
IntelliJ IDE Java jQuery Mac Mac OS X
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You're using cookie-based authentication?
 
Stan James
(instanceof Sidekick)
Ranch Hand
Posts: 8791
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Right this minute I'm in alpha demo mode with no authentication, but I think we'll turn on the cookie based authentication in the team-standard controller servlet Real Soon Now.
 
I agree. Here's the link: http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic