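Parsing a JavaScript string into a JSON object
Until now I had always used eval() to convert JSON-formatted strings.
Then I read an article about the security risks of eval: the data passed to eval(json) may already have been tampered with.
To fix this, I looked into it.
I found three approaches:
eval()
eval( "(" + jsonString + ")" );
new Function()
new Function( "return " + jsonString )();
JSON.parse
JSON.parse( jsonString );
Of course, the first two are not recommended. Below is the browser support for JSON.parse.
It is fairly old, but it still makes the point; a newer version is hardly going to drop support that an older version had.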
| JSON text | This implementation | FF 3.6.6 | FF 4.0 beta | IE8 | IE9 Beta | Opera 11 (build 1055) | Chrome 6.0.472 | Safari 5 (6533.16) | json2 in FF 3.6.6 |
|---|---|---|---|---|---|---|---|---|---|
| JSON.parse | - | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| JSON.parse(''); | - | SyntaxError | SyntaxError | SyntaxError | SyntaxError | SyntaxError | SyntaxError | SyntaxError | SyntaxError |
| eval('6 * 6') == 36; | - | SyntaxError | SyntaxError | SyntaxError | SyntaxError | SyntaxError | SyntaxError | SyntaxError | SyntaxError |
| "str", "str" | - | SyntaxError | SyntaxError | SyntaxError | SyntaxError | SyntaxError | SyntaxError | SyntaxError | Allowed syntax |
| """ | - | SyntaxError | SyntaxError | SyntaxError | SyntaxError | SyntaxError | SyntaxError | SyntaxError | SyntaxError |
| "\" | - | SyntaxError | SyntaxError | SyntaxError | SyntaxError | SyntaxError | SyntaxError | SyntaxError | SyntaxError |
| "\u0000" | - | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | SyntaxError | SyntaxError | SyntaxError | Allowed syntax |
| "\u0001" | - | Allowed syntax | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | SyntaxError | Allowed syntax |
| "\u0002" | - | Allowed syntax | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | SyntaxError | Allowed syntax |
| "\u0003" | - | Allowed syntax | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | SyntaxError | Allowed syntax |
| "\u0004" | - | Allowed syntax | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | SyntaxError | Allowed syntax |
| "\u0005" | - | Allowed syntax | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | SyntaxError | Allowed syntax |
| "\u0006" | - | Allowed syntax | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | SyntaxError | Allowed syntax |
| "\u0007" | - | Allowed syntax | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | SyntaxError | Allowed syntax |
| "\u0008" | - | Allowed syntax | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | SyntaxError | Allowed syntax |
| "\u0009" | - | Allowed syntax | SyntaxError | Allowed syntax | SyntaxError | Allowed syntax | SyntaxError | Allowed syntax | Allowed syntax |
| "\u000a" | - | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | SyntaxError | SyntaxError | SyntaxError | SyntaxError |
| "\u000b" | - | Allowed syntax | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | SyntaxError | Allowed syntax |
| "\u000c" | - | Allowed syntax | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | SyntaxError | Allowed syntax |
| "\u000d" | - | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | SyntaxError | SyntaxError | SyntaxError | SyntaxError |
| "\u000e" | - | Allowed syntax | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | SyntaxError | Allowed syntax |
| "\u000f" | - | Allowed syntax | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | SyntaxError | Allowed syntax |
| "\u0010" | - | Allowed syntax | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | SyntaxError | Allowed syntax |
| "\u0011" | - | Allowed syntax | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | SyntaxError | Allowed syntax |
| "\u0012" | - | Allowed syntax | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | SyntaxError | Allowed syntax |
| "\u0013" | - | Allowed syntax | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | SyntaxError | Allowed syntax |
| "\u0014" | - | Allowed syntax | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | SyntaxError | Allowed syntax |
| "\u0015" | - | Allowed syntax | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | SyntaxError | Allowed syntax |
| "\u0016" | - | Allowed syntax | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | SyntaxError | Allowed syntax |
| "\u0017" | - | Allowed syntax | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | SyntaxError | Allowed syntax |
| "\u0018" | - | Allowed syntax | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | SyntaxError | Allowed syntax |
| "\u0019" | - | Allowed syntax | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | SyntaxError | Allowed syntax |
| "\u001a" | - | Allowed syntax | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | SyntaxError | Allowed syntax |
| "\u001b" | - | Allowed syntax | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | SyntaxError | Allowed syntax |
| "\u001c" | - | Allowed syntax | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | SyntaxError | Allowed syntax |
| "\u001d" | - | Allowed syntax | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | SyntaxError | Allowed syntax |
| "\u001e" | - | Allowed syntax | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | SyntaxError | Allowed syntax |
| "\u001f" | - | Allowed syntax | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | SyntaxError | Allowed syntax |
| "\xF1" | - | SyntaxError | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | SyntaxError | SyntaxError |
| "\101" | - | SyntaxError | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | SyntaxError | SyntaxError |
| +2 | - | Allowed syntax | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | SyntaxError | SyntaxError | SyntaxError |
| 2. | - | Allowed syntax | Allowed syntax | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | SyntaxError | Allowed syntax |
| .2 | - | Allowed syntax | Allowed syntax | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | SyntaxError | SyntaxError |
| 00 | - | Allowed syntax | Allowed syntax | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | Allowed syntax |
| 01 | - | Allowed syntax | Allowed syntax | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | Allowed syntax |
| 02 | - | Allowed syntax | Allowed syntax | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | Allowed syntax |
| 03 | - | Allowed syntax | Allowed syntax | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | Allowed syntax |
| 04 | - | Allowed syntax | Allowed syntax | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | Allowed syntax |
| 05 | - | Allowed syntax | Allowed syntax | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | Allowed syntax |
| 06 | - | Allowed syntax | Allowed syntax | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | Allowed syntax |
| 07 | - | Allowed syntax | Allowed syntax | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | Allowed syntax |
| 08 | - | Allowed syntax | Allowed syntax | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | Allowed syntax |
| 09 | - | Allowed syntax | Allowed syntax | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | Allowed syntax |
| 0xFF | - | SyntaxError | - | SyntaxError | SyntaxError | - | SyntaxError | - | SyntaxError |
| {property : false} | - | SyntaxError | SyntaxError | SyntaxError | SyntaxError | SyntaxError | SyntaxError | SyntaxError | SyntaxError |
| {'property' : false} | - | SyntaxError | SyntaxError | SyntaxError | SyntaxError | SyntaxError | SyntaxError | SyntaxError | SyntaxError |
| {2 : false} | - | SyntaxError | - | - | - | - | SyntaxError | - | Allowed syntax |
| {true : false} | - | SyntaxError | - | - | - | - | SyntaxError | - | Allowed syntax |
| {false : false} | - | SyntaxError | - | - | - | - | SyntaxError | - | Allowed syntax |
| {null : false} | - | SyntaxError | - | - | - | - | SyntaxError | - | Allowed syntax |
| {"property" : "value",} | - | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | SyntaxError | SyntaxError | SyntaxError | Allowed syntax |
| ["value", "value",] | - | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | SyntaxError | SyntaxError | SyntaxError | Allowed syntax |
| [\u000B] | - | SyntaxError | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | Allowed syntax | Allowed syntax |
| [\u000C] | - | SyntaxError | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | Allowed syntax | Allowed syntax |
| [\u00A0] | - | SyntaxError | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | SyntaxError | Allowed syntax |
| [\uFEFF] | - | SyntaxError | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | SyntaxError | SyntaxError |
| [\u1680] | - | SyntaxError | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | SyntaxError | SyntaxError |
| [\u180E] | - | SyntaxError | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | SyntaxError | SyntaxError |
| [\u2000] | - | SyntaxError | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | SyntaxError | Allowed syntax |
| [\u2001] | - | SyntaxError | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | SyntaxError | Allowed syntax |
| [\u2002] | - | SyntaxError | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | SyntaxError | Allowed syntax |
| [\u2003] | - | SyntaxError | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | SyntaxError | Allowed syntax |
| [\u2004] | - | SyntaxError | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | SyntaxError | Allowed syntax |
| [\u2005] | - | SyntaxError | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | SyntaxError | Allowed syntax |
| [\u2006] | - | SyntaxError | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | SyntaxError | Allowed syntax |
| [\u2007] | - | SyntaxError | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | SyntaxError | Allowed syntax |
| [\u2008] | - | SyntaxError | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | SyntaxError | Allowed syntax |
| [\u2009] | - | SyntaxError | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | SyntaxError | Allowed syntax |
| [\u200A] | - | SyntaxError | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | SyntaxError | Allowed syntax |
| [\u202F] | - | SyntaxError | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | SyntaxError | SyntaxError |
| [\u205F] | - | SyntaxError | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | SyntaxError | SyntaxError |
| [\u3000] | - | SyntaxError | SyntaxError | Allowed syntax | SyntaxError | SyntaxError | SyntaxError | SyntaxError | Allowed syntax |
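This table does not mention IE6, IE7, or IE8(Q).
JSON is part of ECMA-262 (ECMAScript) 5th edition, from 2009 (I think).
So IE6, IE7, and IE8(Q) certainly do not support it.
There, we still have to fall back to eval() and new Function(), but the input must be validated properly.
Of course, you can also use the JSON parser from another JS framework.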
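
One way to do the "validate before eval()" fallback described above, as an added example that is not code from the original post: it uses JSON.parse when the engine has it and otherwise only calls eval() on text that passes a regex check modelled on the one in json2.js. The function names, the `forceFallback` switch and the sample inputs are assumptions made for this illustration.

```javascript
// Added example: JSON.parse when available, validated eval() otherwise.
// The three-regex check is modelled on json2.js; all names are illustrative.
var ESCAPES = /\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g;
var TOKENS = /"[^"\\\n\r]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g;
var OPEN_BRACKETS = /(?:^|:|,)(?:\s*\[)+/g;
var STRUCTURE_ONLY = /^[\],:{}\s]*$/;

// True only if, after escapes and literals are replaced, nothing is left but
// JSON punctuation; identifiers, calls and operators make this false.
function looksLikeJson(text) {
  var reduced = String(text)
    .replace(ESCAPES, '@')
    .replace(TOKENS, ']')
    .replace(OPEN_BRACKETS, '');
  return STRUCTURE_ONLY.test(reduced);
}

// forceFallback is a hypothetical switch so the legacy path can be exercised
// on a modern engine; a legacy browser takes that path by itself.
function parseJsonSafely(text, forceFallback) {
  if (!forceFallback && typeof JSON === 'object' && typeof JSON.parse === 'function') {
    return JSON.parse(text);
  }
  if (!looksLikeJson(text)) {
    throw new SyntaxError('refusing to eval text that is not JSON');
  }
  return eval('(' + text + ')');
}

// Constructed sample inputs: one valid document, two that smuggle code.
var SAMPLES = [
  '{"user":"alice","roles":["admin","dev"],"quota":1.5e3}',
  '{"user": (function () { return "mallory"; })()}',
  'eval(\'6 * 6\') == 36;'
];

function runSamples() {
  var results = [];
  for (var i = 0; i < SAMPLES.length; i++) {
    try {
      parseJsonSafely(SAMPLES[i], true);
      results.push('parsed');
    } catch (e) {
      results.push('rejected');
    }
  }
  return results;
}
```

The check is there to keep executable code away from eval(), not to enforce strict JSON grammar, so the fallback path can still accept some inputs that JSON.parse rejects.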
