eval & JSON

Stan James
(instanceof Sidekick)
Ranch Hand

Joined: Jan 29, 2003
Posts: 8791
I'm hand-throwing a bunch of AJAX & JSON code (can't use open source without a hassle) and wondered about the line I found in several JSON examples. (Had to write "evil" for "e v a l" to get by the Ranch's h4x0r filters.)

Any reason not to say ...

Two questions in one post ... sorry about this ... This is a tiny internal application so I'm not too concerned about somebody putting bogus code into my response, but I'd like to code for it anyhow. I read about putting a header on the JSON string and writing your JavaScript to pull it off before the evil(). Any other good approaches?


A good question is never answered. It is not a bolt to be tightened into place but a seed to be planted and to bear more seed toward the hope of greening the landscape of the idea. John Ciardi
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60822
    

Originally posted by Stan James:

Any reason not to say ...


One could argue that the first approach makes more sense because the variable is declared "for real" and assigned the results of the evaluation, whereas the second approach embeds the variable declaration within the string which ends up with the same results but is more implicit.

Any other good approaches?


The header approach is liked because it doesn't pollute the data the way adding a property to the returned object (in JSON notation, of course) would.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
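The header approach discussed above, as an added example that is not code from either poster: the client requires the header, strips it, and parses with `JSON.parse` in place of `eval()`, with the strip-then-`eval()` pattern kept alongside for comparison. `GUARD`, the function names and the sample responses are assumptions made for illustration.

```javascript
// Added example; GUARD and the sample responses are constructed for illustration.
const GUARD = ")]}',\n"; // assumed prefix the server puts in front of every JSON body

// Client side: require the guard, strip it, then parse as data with JSON.parse.
// Nothing in the response is executed; anything that is not strict JSON throws.
function parseGuardedJson(responseText, guard = GUARD) {
  if (typeof responseText !== "string" || !responseText.startsWith(guard)) {
    throw new Error("response is missing the expected guard prefix");
  }
  return JSON.parse(responseText.slice(guard.length));
}

// The pattern from the thread: strip the header, then eval() what is left.
// Kept only for comparison; it runs whatever expression the response contains.
function evalGuardedJson(responseText, guard = GUARD) {
  return eval("(" + responseText.slice(guard.length) + ")");
}

// True when the text is rejected by the JavaScript parser, which is what happens
// when another site pulls the endpoint in with a <script> tag. Compiles only.
function failsAsScript(text) {
  try {
    new Function(text);
    return false;
  } catch (e) {
    return e instanceof SyntaxError;
  }
}

// Helper: report whether a parser accepted the text, without throwing.
function accepts(parser, text) {
  try { parser(text); return true; } catch (e) { return false; }
}

const bare = '[{"id": 1, "name": "stan"}]';
const guarded = GUARD + bare;
const bogus = GUARD + '[(function () { return "code ran"; })()]';

console.log("bare array loads as a script:   ", !failsAsScript(bare));
console.log("guarded body loads as a script: ", !failsAsScript(guarded));
console.log("parse guarded:", parseGuardedJson(guarded));
console.log("parse accepts bare / bogus:", accepts(parseGuardedJson, bare), accepts(parseGuardedJson, bogus));
console.log("eval of bogus body returns:", evalGuardedJson(bogus));
```

The header only stops the response from loading as a script on another page; it is the switch from `eval()` to a strict parser that keeps code in the response from running.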
Stan James
(instanceof Sidekick)
Ranch Hand

Joined: Jan 29, 2003
Posts: 8791
Thanks! This blog: "JSON is not as safe as you think it is" may put a bullet in the whole JSON idea here.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60822
    

You're using cookie-based authentication?
Stan James
(instanceof Sidekick)
Ranch Hand

Joined: Jan 29, 2003
Posts: 8791
Right this minute I'm in alpha demo mode with no authentication, but I think we'll turn on the cookie-based authentication in the team-standard controller servlet Real Soon Now.
 