ansaurus

Question

Evaluate the string as object (javascript)

Answer 1

+1 A:

Using eval in this scenario is actual quite dangerous. You really ought to be using XML or JSON. (That's why they call it AJAX.)

Eric Mickelsen 2010-10-19 14:07:26

To be clear, the J in AJAX is for JavaScript, not JSON...and a string fits under that category.

Nick Craver 2010-10-19 14:08:19

@Nick, I was referring to the X. And the J doesn't refer to using Javascript code as a communication medium via eval.

Eric Mickelsen 2010-10-19 14:09:45

@Eric - JSON doesn't provide a way to pass an executable function either, so what would it directly solve here?

Nick Craver 2010-10-19 14:11:03

@Nick, There's no mention of passing functions in the message (in the OP). The example is just a simple object, which JSON is well-suited for. If anyone has an urge to pass a function as a message, I would reconsider that, since it is likely a major design flaw.

Eric Mickelsen 2010-10-19 14:13:30

@Eric - The object could be any of 30 types for example, maybe he gets a Person, or a Class or a Car...you're making some *assumptions* here that it's an easy thing to bypass :)

Nick Craver 2010-10-19 14:16:11

@Nick, Granted, I made an unstated assumption. I'm making a normative recommendation on the basis of one example. The OP makes no attempt to specify the domain of possible messages. However, I doubt that it's such an unreasonable assumption that every recommendation of JSON should have a big "CAN'T SERIALIZE FUNCTIONS!" sign on it. Frankly, I'm just not very concerned with the possibility of being sued over omitting that disclaimer.

Eric Mickelsen 2010-10-19 14:22:38

Answer 2

+5 A:

If the string really is as you've quoted it, it has a syntax error and will not work (it has an errant ' inside the word "Saturday"). Otherwise, though, change the brackets ([ and ]) in your eval call to parentheses (( and )):

var obj = eval('('+msg.d+')');

However, it should almost never actually be necessary to do this (or indeed to use eval at all). It's almost always possible, and desirable, to refactor slightly and avoid it.

If that's a literal quote from your code, see also dvhh's answer below, your function argument name (msg.d) is invalid.

T.J. Crowder 2010-10-19 14:07:45

Answer 3

A:

I would avoid using eval() for security reasons. If a user can get malicious code into the database, there's a chance it could end up in this eval expression, wreaking havoc for anybody who visits this page.

Instead of using eval, I'd recommending returning JSON from the AJAX request. You can then easily parse the values and build a new Person object with that data.

Colin O'Dell 2010-10-19 14:09:18

Answer 4

+1 A:

the function argument should be a valid javascript identifier

try changing msg.d to msg_d for example

dvhh 2010-10-19 14:11:07

Well spotted...

T.J. Crowder 2010-10-19 14:12:19

Answer 5

+1 A:

You may need to escape your string, because this example works fine:

function MyObject(myvar){
    this.hello = function(){
        alert('myvar= ' + myvar);
    };
}

var obj1 = new MyObject('hello');
obj1.hello();

var obj2 = eval("new MyObject('world')"); 
obj2.hello();

(Edit: By the way, I assume msg.d is a typo due to editing the snipplet before posting on StackOverflow ?)

wildpeaks 2010-10-19 14:13:49

If you have control over the server-side, I would advise to use JSON (or XML, but it slightly slower), that makes things more maintainable and it's easy to use in (I assume you use jQuery due to the $.ajax), just change the "dataType" field to 'json' and you get directly receive a nice structure in the success handler).

wildpeaks 2010-10-19 14:18:56

ansaurus

tags:

views:

answers:

Evaluate the string as object (javascript)

related questions