Loading ...
Sorry, an error occurred while loading the content.

518Re: Questions re javascript parseJSON()

Expand Messages
  • Douglas Crockford
    Sep 20, 2006
    • 0 Attachment
      > I'm experimenting with using parseJSON() rather than a simple 'eval'.
      > It seems to work except for dates. Given the following code, obj3
      > returns false, but test4 returns a valid object with a date.
      > var test3 = "{\"ADate\":new Date(Date.UTC(2005,7,12,9,46,4,677))}";
      > var obj3 = test3.parseJSON();

      > Can anyone explain this? Am I missing something?
      > Also, while I'm familar with Regex, I'm having a hard time
      > understanding what parseJSON is really filtering. Can anyone point to
      > an explanation of what's really happening?

      Your test3 string does not conform to the rules for a JSON text. You
      can find the rules at http:/www.JSON.org/

      The regular expressions in parseJSON look for characters which cannot
      appear outside of strings in JSON text. You particularly want to
      reject anything containing '-', '+', 'new', '=', or '(' because they
      can be employed by an evil server to cause mutation or invocation. The
      parseJSON contract is that only data can pass through.
    • Show all 5 messages in this topic