An Ajax request returns me a standard JSON array filled with my user’s inputs. The input has been sanitized, and using the eval() function, I can easily create my JavaScript object and update my page…
So here’s the problem. No matter how hard I try to sanitize the inputs, I’d rather not use the eval() function. I’ve checked Google for ways to use ‘JSON in AJAX without eval’ and have run across a bunch of different methods…
Which one should I use? Is there a standard, proven-secure way of doing this?
json.org has a nice JavaScript library
simple usage:
Edit: As pointed out in comments, this uses eval if you look through its source (although it looks to be sanitized first)
To avoid it completely, look at json_parse or json-sans-eval
json2.js is insecure, json_parse.js is slow, json-sans-eval.js is non-validating
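
An added example, not part of the original question or answers: the response is parsed with the native `JSON.parse` (assumed to be available in the target browsers) and its shape is checked before use, next to what `eval()` does with the same text. The sample responses and the function names are constructed for illustration.

```javascript
// Constructed sample response bodies (not from the original page).
const GOOD = '["alice", "bob <b>", "carol"]';
// Valid JavaScript, but not valid JSON: it contains a function call.
const NOT_JSON = '[(function () { return "ran"; })()]';

// Parse an Ajax response body that should be a JSON array of strings.
// JSON.parse only accepts the JSON grammar, so script in the body is
// rejected with a SyntaxError instead of being executed.
function parseUserInputs(responseText) {
  let data;
  try {
    data = JSON.parse(responseText);
  } catch (err) {
    throw new Error("response is not valid JSON: " + err.message);
  }
  // Parsing proves the syntax only; check the structure the page expects.
  if (!Array.isArray(data) || !data.every((v) => typeof v === "string")) {
    throw new Error("unexpected shape: expected an array of strings");
  }
  return data;
}

// The eval() approach from the question, for comparison only.
// It evaluates the body as a JavaScript expression, so any code in it runs.
function evalParse(responseText) {
  return eval("(" + responseText + ")");
}

// Helper that reports the outcome without throwing.
function describe(responseText) {
  try {
    return { ok: true, value: parseUserInputs(responseText) };
  } catch (err) {
    return { ok: false, error: err.message };
  }
}

console.log(describe(GOOD));      // accepted
console.log(describe(NOT_JSON));  // rejected: not valid JSON
console.log(describe('{"a": 1}')); // rejected: wrong shape
console.log(evalParse(NOT_JSON)); // the embedded function was executed
```

Parsed strings are still untrusted data: write them to the page with `textContent` rather than `innerHTML`.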