I’ve got a perfectly correct JSON string which gets parsed inside a function’s method by using the eval function. When that is done, though, for some unknown reason the first line of a globally defined method is injected inside as one of the array’s parameters.
The string being parsed is:
{"id":1,"name":"object1","volume":15,"weight":100}
The parsing line is:
var decoded = eval('(' + encoded + ')');
Once decoded by using the eval() function, I’ve got the “complementary” attribute decoded['replaceNode'] inside, which contains a global scope function contained inside another file.
I’d consider it a bug, but since the same happens in both Firefox and Safari, it seems unlikely. More probably I’ve misunderstood the purpose of eval.
Thank you for your help in advance.
Don’t use eval.
Eval is unsafe and can let attackers execute arbitrary code. Use a JSON library instead.
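An added example, not part of the original posts, contrasting the eval pattern from the question with JSON.parse and showing how an inherited property can appear on a decoded object. It assumes another script adds replaceNode to Object.prototype, which the thread does not show; bump and the helper function names are hypothetical.

```javascript
// Constructed sample: the JSON string from the question.
const encoded = '{"id":1,"name":"object1","volume":15,"weight":100}';

// JSON.parse accepts only JSON text and never executes it.
// Returns null for anything that is not valid JSON.
function decodeJson(text) {
  try {
    return JSON.parse(text);
  } catch (err) {
    if (err instanceof SyntaxError) return null;
    throw err;
  }
}

// The pattern from the question: the string is run as JavaScript.
function evalDecode(text) {
  return eval('(' + text + ')');
}

// Unfiltered for...in: also walks enumerable inherited properties.
function allEnumerableKeys(obj) {
  const keys = [];
  for (const key in obj) keys.push(key);
  return keys;
}

// Only the keys that came from the decoded data itself.
function ownKeys(obj) {
  return Object.keys(obj);
}

// Assumption: another script extends Object.prototype (hypothetical
// stand-in for the "replaceNode" function the question mentions).
function withExtendedPrototype(fn) {
  Object.prototype.replaceNode = function () {};
  try {
    return fn();
  } finally {
    delete Object.prototype.replaceNode;
  }
}

// Constructed input that is JavaScript rather than JSON.
let sideEffects = 0;
function bump() { sideEffects += 1; return 1; }
const notJson = '{"id": bump()}';

console.log(withExtendedPrototype(() => allEnumerableKeys(decodeJson(encoded))));
console.log(decodeJson(notJson), sideEffects);
```

The inherited key appears whichever decoder produced the object, so iterate with own-property checks as well as replacing eval.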