安全地将 JSON 字符串转换为对象
问题描述:
给定一串 JSON 数据,我如何才能安全地将该字符串转换为 JavaScript 对象?
Given a string of JSON data, how can I safely turn that string into a JavaScript object?
显然,我可以通过以下方式不安全地执行此操作:
Obviously I can do this unsafely with something like:
var obj = eval("(" + json + ')');
但这让我容易受到包含其他代码的 JSON 字符串的影响,简单地 eval 似乎非常危险.
but that leaves me vulnerable to the JSON string containing other code, which it seems very dangerous to simply eval.
答
JSON.parse(jsonString) 是一种纯 JavaScript 方法,只要您能保证合理的现代浏览器.
JSON.parse(jsonString) is a pure JavaScript approach so long as you can guarantee a reasonably modern browser.