安全地将JSON字符串转换为对象
问题描述:
给定一串JSON数据,你如何安全地将该字符串转换为JavaScript对象?
Given a string of JSON data, how can you safely turn that string into a JavaScript object?
显然你可以用类似......之类的东西做不安全的事情/ p>
Obviously you can do this unsafely with something like...
var obj = eval("(" + json + ')');
...但这让我们容易受到包含其他代码的json字符串的影响,这似乎非常危险简单评估。
...but that leaves us vulnerable to the json string containing other code, which it seems very dangerous to simply eval.
答
JSON.parse(jsonString) 是一种纯JavaScript方法,只要你能保证一个相当现代的浏览器。
JSON.parse(jsonString) is a pure JavaScript approach so long as you can guarantee a reasonably modern browser.