This week's book giveaway is in the Jython/Python forum.
We're giving away four copies of Murach's Python Programming and have Michael Urban and Joel Murach on-line!
See this thread for details.
Win a copy of Murach's Python Programming this week in the Jython/Python forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

eval & JSON  RSS feed

 
Stan James
(instanceof Sidekick)
Ranch Hand
Posts: 8791
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'm hand-throwing a bunch of AJAX & JSON code (can't use open source without a hassle) and wondered about the line I found in several JSON examples. (Had to write "evil" for "e v a l" to get by the Ranch's h4x0r filters.)

Any reason not to say ...

Two questions in one post ... sorry about this ... This is a tiny internal application so I'm not too concerned about somebody putting bogus code into my response, but I'd like to code for it anyhow. I read about putting a header on the JSON string and writing your JavaScript to pull it off before the evil(). Any other good approaches?
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 65824
134
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Stan James:

Any reason not to say ...


One could argue that the first approach makes more sense because the variable is declared "for real" and assigned the results of the evaluation, whereas the second approach embeds the variable declaration within the string which ends up with the same results but is more implicit.

Any other good approaches?


The header approach is liked because it doesn't pollute the data the way adding a property to the returned object (in JSON notation, of course) would.
 
Stan James
(instanceof Sidekick)
Ranch Hand
Posts: 8791
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks! This blog: JSON is not as safe as you think it is may put a bullet in the whole JSON idea here.
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 65824
134
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You're using cookie-based authentication?
 
Stan James
(instanceof Sidekick)
Ranch Hand
Posts: 8791
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Right this minute I'm in alpha demo mode with no authentication, but I think we'll turn on the cookie based authentication in the team-standard controller servlet Real Soon Now.
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!