Loading ...
Sorry, an error occurred while loading the content.

Re: Helpless beginner

Expand Messages
  • kylealanhale
    I want to clarify a couple of things that no one else seems to have addressed: * There is no such thing as an external JSON-array ; JSON is just a data
    Message 1 of 8 , May 20, 2011
    • 0 Attachment
      I want to clarify a couple of things that no one else seems to have
      addressed:
      * There is no such thing as "an external JSON-array"; JSON is just a
      data transfer format, or, more correctly, a data transfer notation
      (JavaScript Object Notation). What you described in your last post, of
      defining the array in a javascript file that you include in your page,
      is not JSON at all, just JavaScript.
      * You should never transfer JSON-encoded data as an array; this opens a
      security vulnerability (see
      http://directwebremoting.org/blog/joe/2007/03/05/json_is_not_as_safe_as_\
      people_think_it_is.html for a good summary of the issue); instead,
      always enclose it in an object. So instead of your data looking like
      [{"key1": "value1"}, {"key2": "value2"}...], make it look like {"list":
      [{"key1": "value1"}, {"key2": "value2"}...]}.
      * You should also never use eval(), for reasons that have been explained
      extensively elsewhere, including several times by the brainfather of
      JSON himself, and in the very Wikipedia article you quoted from
      originally <http://en.wikipedia.org/wiki/JSON#Security_issues>. Instead
      use JSON.parse, which is standard in all major browsers now.
      * If you want to get a JavaScript object from a JSON-encoded source
      while working from the browser, you will invariably use XHR (AJAX, if
      you must). The method you posted is exactly how you would do that, with
      the exception that you'd probably want to do it asynchronously and
      handle the data in a callback, rather than procedurally. Also, if you
      use a JavaScript framework, it will generally make your life much easier
      and your code much cleaner. A jQuery example:
      $.getJSON('http://www.mysite.no/services/product/list/', function(data)
      { $.each(data.list, function (index, listItem) { // Do something
      which each item in the list });});
      Note that this function takes care of (safely) decoding your
      JSON-encoded data so that you can handle it as a native JavaScript
      object. See http://api.jquery.com/jQuery.getJSON/ and
      http://api.jquery.com/jQuery.ajax/ for more details.
      * While there are exceptions to all of these, and things I have left
      out, this is a good starting place for best-practices, I think.


      --- In json@yahoogroups.com, jon.erland.madsen@... wrote:
      >
      > Thank you so very much!
      >
      > I got help and will use the following code (my script is client side):
      >
      > **********************************************
      >
      > function createXMLHttpRequest()
      > {
      > try { return new XMLHttpRequest(); } catch(e) {}
      > try { return new ActiveXObject("Msxml2.XMLHTTP"); } catch (e) {}
      > return null;
      > }
      >
      > var url = "http://www.finansportalen.no/services/sph/produkt/list/";
      > var xhReq = createXMLHttpRequest();
      > xhReq.open("GET", url, false);
      > xhReq.send(null);
      >
      > var sphdata = eval(xhReq.responseText);
      >
      > **********************************************
      >
      > (I would have prefered, however, to have the object declared by the
      server
      > and posted as a .js file i could simply include, thus enabling me to
      > access it directly. But the above will do.)
      >
      > Thanks again!
      >



      [Non-text portions of this message have been removed]
    Your message has been successfully submitted and would be delivered to recipients shortly.