Detailed explanation of how to use JSON.parse(), JSON.stringify() and eval()

This time I will bring you a detailed explanation of how to use JSON.parse(), JSON.stringify() and eval(), and precautions when using JSON.parse(), JSON.stringify() and eval(). What are they? The following is a practical case. Let’s take a look.

“JSON(JavaScript Object Notation) is a lightweight data exchange format. It is based on a subset of ECMAScript. Because of its language-independent text format, it is also used Similar to the habits of the C language family, these characteristics make JSON an ideal data exchange language. It is easy for humans to read and write, and it is also easy for machines to parse and generate (generally used to improve network transmission rates).

Today I want to briefly talk about the JSON.parse() and JSON.stringify() functions in jquery. By the way, I will also mention the eval() function in native JS

(1) JSON.parse function

Function: Convert JavaScript Object Notation (JSON)

string into an object. ​

Syntax: JSON.parse(text [, reviver])

Parameters:

text　Required. A valid JSON string.

reviver Optional. A function that converts the result. This function will be called for each member of the object.

Return value: an object or array

example:

var json = '{"name":"GDT","age":,"University":"GDUT"}';
var info = JSON.parse(json);　　//解析为JSON对象
document.write(info.name + ' is a student of ' + info.University + ' and he is ' + info.age + " years old."); /info为Object对象

(2) JSON.stringify() function

Function: Convert JavaScript value to JavaScript object notation (JSON) string

Syntax: JSON.stringify(value [, replacer] [, space])

Parameters:

value　Required, usually the JavaScript value that needs to be converted (usually an object or array)

replacer　Optional, the function or array used to convert the result

space　Optional. Adds indentation, spaces, and newlines to the return value JSON text to make it easier to read.

Return value: a string containing JSON text

example:

var info = {name:"GDT",age:,University:"GDUT"};
var json = JSON.stringify(info); //转换为JSON字符串
document.write(json); //output为{"name":"GDT","age":23,"University":"GDUT"}

(3) eval() function

Function: The eval() function can calculate a certain string and execute the JavaScript code in it.

Syntax: eval(string)

Parameters:

string Required, the string to be calculated, which contains the JavaScript

expression to be calculatedor The statement to be executed.

Return value: Return the value of the calculated string, if any (if not, return without any changes)

example:

eval("x=;y=;document.write(x*y)"); //output为
document.write(eval("+"));　　//output为
var x=;
document.write(eval(x+));　　//output为

You can also use the eval() function Parse JSON strings into objects. This function can complete the functions of JSON.parse(), but there are differences. Please see the following code

// JSON.parse()
var json = '{"name":"GDT","age":,"University":"GDUT"}';
var info = JSON.parse(json);　　　 //解析为JSON对象
document.write(info); //output为[object Object]
//eval()
var json = '{"name":"GDT","age":,"University":"GDUT"}';
var info = eval('(' + json + ')'); //解析为JSON对象
document.write(info); //output为[object Object]

I don’t know if you have noticed eval() or not. You need to wrap the string with a pair of parentheses. A better explanation I found is:

Reason: It is attributed to the problem of eval itself, because json starts with "{}" And finally, in JS, it will be processed as a statement block, so it must be forced to be converted into an expression.

Solution: The purpose of adding parentheses is to force the eval function to convert the expression in the parentheses into an object when processing JavaScript code, rather than executing it as a statement. For example, take the object literal {}. If no outer brackets are added, then eval will recognize the braces as the beginning and end marks of the JavaScript code block, and {} will be considered to execute an empty statement. Please see the difference in the following examples

alert(eval("{}")); // return undefined
alert(eval('('+'{}'+')')); // return object[Object]

In addition, compared to JSON.parse() with strict writing format, eval() can parse any string. eval is unsafe because eval is loose and will There are potential security issues. For example, the following code:

var str = '{"a":"b"}';
document.write(eval("("+str+")")); //正常解析为对象
var str = '{"a": (function(){alert("I can do something bad!");})()}';
eval('('+str+')'); //可以用来执行木马脚本

If a malicious user injects a script into the json string that inserts a Trojan link into the page, it can also be operated with eval, but you don’t have to worry about this problem with JSON.parse(). It can be seen that although the eval() function is very powerful, there are not many opportunities to actually use it.

I believe you have mastered the method after reading the case in this article. For more exciting information, please pay attention to other related articles on the php Chinese website!

Recommended reading:

JQuery implements the sidebar menu

jquery clicks on the thumbnail to switch the playback effect

The above is the detailed content of Detailed explanation of how to use JSON.parse(), JSON.stringify() and eval(). For more information, please follow other related articles on the PHP Chinese website!