Home > Web Front-end > JS Tutorial > An in-depth analysis of the functions of JSON.parse(), JSON.stringify() and eval()_javascript skills

An in-depth analysis of the functions of JSON.parse(), JSON.stringify() and eval()_javascript skills

WBOY
Release: 2016-05-16 15:06:47
Original
1979 people have browsed it

"JSON (JavaScript Object Notation) is a lightweight data exchange format. It is based on a subset of ECMAScript. Because it uses a language-independent text format, it also uses habits similar to the C language family, and has These characteristics make JSON an ideal data exchange language, which is easy for humans to read and write, and also easy for machines to parse and generate (generally used to improve network transmission rates). ” 

Today I would like to briefly talk about the JSON.parse() and JSON.stringify() functions in jquery. By the way, I will also mention the eval() function in native JS

(1) JSON.parse function

Function: Convert JavaScript Object Notation (JSON) string to object. ​

Syntax: JSON.parse(text [, reviver])

Parameters:

text Required. A valid JSON string.

reviver Optional. A function that converts the result. This function will be called for each member of the object.
Return value: an object or array

example:

var json = '{"name":"GDT","age":,"University":"GDUT"}';
var info = JSON.parse(json);  //解析为JSON对象
document.write(info.name + ' is a student of ' + info.University + ' and he is ' + info.age + " years old."); /info为Object对象
Copy after login

(2) JSON.stringify() function

Function: Convert JavaScript value to JavaScript Object Notation (JSON) string

Syntax: JSON.stringify( value [, replacer] [, space])

Parameters:

value Required, usually the JavaScript value that needs to be converted (usually an object or array)

replacer Optional, function or array used to convert the result

space Optional. Adds indentation, spaces, and newlines to the return value JSON text to make it easier to read.

Return value: a string containing JSON text

example:

var info = {name:"GDT",age:,University:"GDUT"};
var json = JSON.stringify(info); //转换为JSON字符串
document.write(json); //output为{"name":"GDT","age":23,"University":"GDUT"}
Copy after login

(3) eval() function

Function: The eval() function can calculate a string and execute the JavaScript code in it.

Syntax: eval(string)

Parameters:

string Required, the string to be evaluated, which contains the JavaScript expression to be evaluated or the statement to be executed.

Return value: Return the value of the calculated string, if any (if not, return without any changes)

example:

eval("x=;y=;document.write(x*y)"); //output为
document.write(eval("+"));  //output为
var x=;
document.write(eval(x+));  //output为

Copy after login

Use the eval() function to parse JSON strings into objects. This function can complete the functions of JSON.parse(), but there are differences. Please see the following code

// JSON.parse()
var json = '{"name":"GDT","age":,"University":"GDUT"}';
var info = JSON.parse(json);    //解析为JSON对象
document.write(info); //output为[object Object]
//eval()
var json = '{"name":"GDT","age":,"University":"GDUT"}';
var info = eval('(' + json + ')'); //解析为JSON对象
document.write(info); //output为[object Object]
Copy after login

I don’t know if you have noticed that eval() also uses a pair of parentheses to wrap the string. I found a better explanation for this:

Reason: It is due to the problem of eval itself. Since json starts and ends with "{}", in JS, it will be processed as a statement block, so it must be forced to be converted. into an expression.

Solution: The purpose of adding parentheses is to force the eval function to convert the expression in the parentheses into an object when processing JavaScript code, rather than executing it as a statement. For example, take the object literal {}. If no outer brackets are added, then eval will recognize the braces as the beginning and end marks of the JavaScript code block, and {} will be considered to execute an empty statement. Please see the difference in the following examples

alert(eval("{}")); // return undefined
alert(eval('('+'{}'+')')); // return object[Object] 
Copy after login

In addition, compared to JSON.parse() with strict writing format, eval() can parse any string. eval is unsafe because eval is relatively loose and has potential security issues. For example, the following code:

var str = '{"a":"b"}';
document.write(eval("("+str+")")); //正常解析为对象
var str = '{"a": (function(){alert("I can do something bad!");})()}';
eval('('+str+')'); //可以用来执行木马脚本 
Copy after login

If a malicious user injects a script that inserts a Trojan link into the page into the json string, it can also be operated with eval. However, you don’t have to worry about this problem with JSON.parse(). It can be seen that although the eval() function is very Powerful, but there are not many opportunities to actually use it.

It’s time for a personal summary. This is my first blog in my life. It was born on Fool’s Day on April 1st. I hope you can forgive me for the poor writing. The current technology is very bad. I really hope that I can do it now. Accumulate knowledge bit by bit and lay a good foundation for future success, fighting~

source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template