An in-depth analysis of the functions of JSON.parse(), JSON.stringify() and eval()
"JSON (JavaScript Object Notation) is a lightweight data exchange format. It is based on a subset of ECMAScript. It uses a language-independent text format, but it also follows habits similar to those of the C language family. These characteristics make JSON an ideal data exchange language, which is easy for humans to read and write, and also easy for machines to parse and generate (generally used to improve network transmission rates)."
Today I would like to briefly talk about the JSON.parse() and JSON.stringify() functions in jquery. By the way, I will also mention the eval() function in native JS.
(1) JSON.parse function
Function: Converts a JavaScript Object Notation (JSON) string to an object.
Syntax: JSON.parse(text [, reviver])
Parameters:
text Required. A valid JSON string.
reviver Optional. A function that converts the result. This function will be called for each member of the object.
Return value: an object or array
Example:
var json = '{"name":"GDT","age":23,"University":"GDUT"}';
var info = JSON.parse(json); // parsed into a JSON object
document.write(info.name + ' is a student of ' + info.University + ' and he is ' + info.age + " years old."); // info is an Object
(2) JSON.stringify() function
Function: Converts a JavaScript value to a JavaScript Object Notation (JSON) string.
Syntax: JSON.stringify(value [, replacer] [, space])
Parameters:
value Required. The JavaScript value to be converted (usually an object or array).
replacer Optional. A function or array used to convert the result.
space Optional. Adds indentation, spaces, and newlines to the returned JSON text to make it easier to read.
Return value: a string containing JSON text
Example:
var info = {name:"GDT",age:23,University:"GDUT"};
var json = JSON.stringify(info); // converted to a JSON string
document.write(json); // output: {"name":"GDT","age":23,"University":"GDUT"}
(3) eval() function
Function: The eval() function evaluates a string and executes the JavaScript code in it.
Syntax: eval(string)
Parameters:
string Required. The string to be evaluated, which contains the JavaScript expression to be evaluated or the statement to be executed.
Return value: the value obtained by evaluating the string, if any (if there is none, it returns without any changes)
Example:
// The numeric values in this example are sample values.
eval("x=10;y=20;document.write(x*y)"); // output: 200
document.write(eval("2+2")); // output: 4
var x=10;
document.write(eval(x+17)); // output: 27
The eval() function can also be used to parse JSON strings into objects. In that role it does the job of JSON.parse(), but there are differences. Please see the following code:
// JSON.parse()
var json = '{"name":"GDT","age":23,"University":"GDUT"}';
var info = JSON.parse(json); // parsed into a JSON object
document.write(info); // output: [object Object]
// eval()
var json = '{"name":"GDT","age":23,"University":"GDUT"}';
var info = eval('(' + json + ')'); // parsed into a JSON object
document.write(info); // output: [object Object]
I don't know if you have noticed that the eval() call also wraps the string in a pair of parentheses. I found a better explanation for this:
Reason: It is due to the way eval itself works. Since JSON starts and ends with "{}", JS treats it as a statement block, so it must be forced into an expression.
Solution: The purpose of adding parentheses is to force the eval function, when processing the JavaScript code, to convert the expression in the parentheses into an object rather than executing it as a statement. For example, take the object literal {}. If no outer parentheses are added, eval recognizes the braces as the beginning and end marks of a JavaScript code block, and {} is treated as an empty statement to execute. Please see the difference in the following examples:
alert(eval("{}")); // returns undefined
alert(eval('('+'{}'+')')); // returns [object Object]
In addition, compared with JSON.parse(), which enforces a strict format, eval() can parse any string. eval() is unsafe because it is so loose, and this brings potential security issues. For example, the following code:
var str = '{"a":"b"}';
document.write(eval("("+str+")")); // parsed normally into an object
var str = '{"a": (function(){alert("I can do something bad!");})()}';
eval('('+str+')'); // can be used to execute a Trojan script
If a malicious user injects into the JSON string a script that inserts a Trojan link into the page, eval() will run it as well. However, you don't have to worry about this problem with JSON.parse(). It can be seen that although the eval() function is very powerful, there are not many opportunities to actually use it.
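The difference described above, as an added example that is not part of the original post: the article's payload shape is handed to both parsers, with a harmless counter in place of alert(), and JSON.parse() is combined with the reviver parameter as a field allow-list. The names injected, parseWithEval, parseStudent and FIELDS, and both input strings, are constructed for this illustration.

```javascript
// Added illustration; every name and input string here is constructed.
let executed = 0;                                   // times injected code ran
function injected() { executed += 1; return 'b'; }  // harmless stand-in for alert()

const GOOD = '{"name":"GDT","age":23,"University":"GDUT"}';
const HOSTILE = '{"a": (function(){ return injected(); })()}';

// Pattern from the article: the text is compiled and run as JavaScript.
function parseWithEval(text) {
  return eval('(' + text + ')');
}

// Strict path: JSON grammar only, with the reviver as a field allow-list.
const FIELDS = { name: 'string', age: 'number', University: 'string' };
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

function parseStudent(text) {
  try {
    const value = JSON.parse(text, (key, val) => {
      if (key === '') return val;                 // root call; fields are copied below
      if (!has(FIELDS, key)) return undefined;    // drop unexpected members
      if (typeof val !== FIELDS[key]) throw new TypeError('bad type for ' + key);
      return val;
    });
    if (value === null || typeof value !== 'object' || Array.isArray(value)) {
      throw new TypeError('expected a JSON object');
    }
    const clean = {};
    for (const key of Object.keys(FIELDS)) {
      if (!has(value, key)) throw new TypeError('missing field ' + key);
      clean[key] = value[key];
    }
    return { ok: true, value: clean };
  } catch (err) {
    // SyntaxError: not JSON at all; TypeError: JSON, but not the expected shape.
    return { ok: false, error: err.name + ': ' + err.message };
  }
}
```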
It's time for a personal summary. This is the first blog post of my life. It was born on April Fool's Day, April 1st. I hope you can forgive me for the poor writing. My current technical level is very low. I really hope that I can now accumulate knowledge bit by bit and lay a good foundation for future success. Fighting~