[mochikit] JSON.parse & MochiKit.Base.evalJSON

2009-11-28 Thread Per Cederberg
I just tried to modify MochiKit.Base.evalJSON() to use the new
JSON.parse() function when available. This would give us the following
advantages:

1. Speed (but, well... eval() is probably fast enough already)
2. Security

Unfortunately we would also get a nasty regression issue due to the
stricter syntax enforcement in JSON.parse() vs. eval(). It seems that
at least the Firefox parser doesn't accept constructs like these:

  { a: 1 }

since the correct JSON syntax would be:

  { "a": 1 }

Hmm... So what to do? Just skip this altogether? And add a note in the
docs that people should use JSON.parse() themselves if worried about
security or speed?

Any thoughts are welcome.

Cheers,

/Per

--

You received this message because you are subscribed to the Google Groups 
"MochiKit" group.
To post to this group, send email to mochi...@googlegroups.com.
To unsubscribe from this group, send email to 
mochikit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/mochikit?hl=en.




Re: [mochikit] JSON.parse & MochiKit.Base.evalJSON

2010-01-02 Thread Bob Ippolito
On Sat, Nov 28, 2009 at 2:18 PM, Per Cederberg wrote:
> I just tried to modify MochiKit.Base.evalJSON() to use the new
> JSON.parse() function when available. This would give us the following
> advantages:
>
> 1. Speed (but, well... eval() is probably fast enough already)
> 2. Security
>
> Unfortunately we would also get a nasty regression issue due to the
> stricter syntax enforcement in JSON.parse() vs. eval().

None of the apps we've written depend on the capability to parse
invalid JSON, so it wouldn't bother me.

-bob
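
The trade-off discussed in this thread, as an added example that is not MochiKit code and not part of either message: it runs JSON.parse(), eval()-style parsing, and a strict-first wrapper with an eval() fallback over three constructed inputs. The function names and the fallback design are assumptions for illustration; the result shows that the fallback keeps `{ a: 1 }` working but still evaluates expressions embedded in the text.

```javascript
// Added example; function names are hypothetical, not MochiKit's API.

// eval-style parsing: the text is evaluated as a JavaScript expression.
function legacyEvalParse(text) {
  return (0, eval)("(" + text + ")"); // indirect eval, runs in global scope
}

// Strict-first parsing with an eval fallback for input JSON.parse rejects.
// Keeps { a: 1 } working, but every rejected input still reaches eval.
function strictWithFallback(text) {
  try {
    return JSON.parse(text);
  } catch (e) {
    return legacyEvalParse(text);
  }
}

// Run one parser on one input; report acceptance and whether code ran.
function probe(parser, text) {
  globalThis.__probeRan = false;
  let accepted = true;
  try {
    parser(text);
  } catch (e) {
    accepted = false; // input rejected by the parser
  }
  const codeRan = globalThis.__probeRan === true;
  delete globalThis.__probeRan;
  return { accepted, codeRan };
}

// Constructed inputs: valid JSON, the unquoted-key form from the thread,
// and an object literal whose value is an expression with a side effect.
const SAMPLES = {
  validJson: '{ "a": 1 }',
  unquotedKey: '{ a: 1 }',
  expression: '{ "a": (globalThis.__probeRan = true) }',
};

function report() {
  const parsers = { strict: (t) => JSON.parse(t), legacy: legacyEvalParse, fallback: strictWithFallback };
  const out = {};
  for (const [pName, parser] of Object.entries(parsers)) {
    for (const [sName, text] of Object.entries(SAMPLES)) {
      out[pName + ":" + sName] = probe(parser, text);
    }
  }
  return out;
}

console.log(report());
```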
