A.7. #5: Using eval() with JSONIn Chapter 7, you saw how you can use the eval() function to evaluate JSON returned from a server-side script: function updatePage() { if (request.readyState == 4) { if (request.status == 200) { var jsonData = eval('(' + request.responseText + ')'); // Get the updated totals from the XML responseThe eval() function takes a JSON response, and converts it into a JavaScript object. var totalBoards = jsonData.totals[0].boardsSold + jsonData.totals[1].boardsSold + jsonData.totals[2].boardsSold + jsonData.totals[3].boardsSold; The problem with eval() is that it runs the JSON response from the server without any security checks... if some malicious organization was able to tamper with your server's response, you could end up running some harmful code in your JavaScript. |