views:

2270

answers:

7

I have a script that retrieves objects from a remote server through an Ajax call. The server returns objects in JSON notation.

However, in Adobe AIR, there is a restriction on using eval() for security reasons. So I'm able to get replies from the remote server, but can't turn them back into Javascript objects. Is there any workaround for this issue? I would like to use JSON for my Javascript objects, since it can be used almost immediately.

Sidenote: I do understand the security implications for forcing the issue, but I will be doing some rapid application development for a competition, so the program would only be a quick prototype, and not used for production purposes. Nevertheless, it would be great if there's a better alternative to what I'm trying to do now


Update:

Thanks to Theo and jsight for their answers;

One important thing I learnt today is that I can actually make use of ActionScript libraries by using the

<script src="lib/myClasses.swf" type="application/x-shockwave-flash"></script>
tag extended by Adobe AIR. Check out Theo's link for more details!

+1  A: 

Have you looked at as3corelib? It appears to provide an AS3 parser for JSON data, and my hope would be that it doesn't rely upon eval (eval tends to be bad for security as you noted). There are similar libs for Javascript as well, and they tend to be the preferred way to parse json due to the security implications of calling eval on (potentially) evil data.

jsight
A: 

@ jsight:

as3corelib would require that I code in Flex, is there a good solution that uses Javascript which would enable me to receive JSON data? I'm a bit hesitant about writing my code in a language I'm not familiar with, given that the time limit for the competition is 24 hours.

pkchukiss
A: 

JSON is Javascript Object Notation, so if you are using Javascript you are already there! Have a look at these links, they give examples of how to create Javascript objects from JSON:

http://www.hunlock.com/blogs/Mastering_JSON_(JavaScriptObjectNotation)

http://betterexplained.com/articles/using-json-to-exchange-data/

If you decide to go the Flex / AS3 route, then as the jsight said, as3corelib is a good place to start.

Mark Ingram
A: 

@ Mark Ingram:

I already know how to use JSON in Javascript.

I'm trying to work around Adobe AIR's disabling of eval(), which is currently needed to parse the data from the server as a JSON object.

pkchukiss
+4  A: 

You can find a JSON parser written in JavaScript here (source code here). You can also use the as3corelib JSON parser from JavaScript, there's a description of how to access ActionScript libraries from JavaScript here.

Theo
A: 

I think this is possible if you use an iframe and sandbox bridge. You should be able to run eval() on downloaded code in the sandboxed iframe,

Excerpt from Adobe AIR 1.1 Doc's "...it may be more convenient to run content in a sandboxed child frame so that the content can be run with no restrictions on eval()..."

Another related article: Building on AIR: Working with the Sandbox Bridges

John Lemberger
A: 

I followed John's idea and I can tell you it definitely works. The security restrictions imposed by AIR's sandbox bridges almost exactly match the restrictions of JSON objects!

Frank Wienberg

related questions