Geek Answers Handbook

JSON that contains functions

I have a website that returns a JSON-like data structure as follows:

{ "name":"tom jones", "no": 123, "storedproc": function(){ callbuyer(0123); } }

I get this data using $.ajax() with dataType "JSON". Unfortunately, my $.ajax() is $.ajax() error callback because my data contains a function (). How can I make it out right? I really need to save the function in a variable and call it later.

+4
source share
6 answers

Could you force the server to return JSON as follows:

 {"name":"tom jones", "no": 123, "storeprocFn": callbuyer, "arg": "0123"};

Then your callback function can call the callbuyer function and pass arg

+4
source

This is simply not legal JSON (as you know, given the title of the question) See the official JSON syntax . The good thing about real JSON is that you can use JSON.parse , which safely completes the eval call.

While eval can be used, I would suggest reviewing your application architecture and finding another way to do what you are trying to do.

In particular, I would like the server to return only 0123 , and let your client support the logic, which allows him to know, in some cases, which functions are used (in this case, the function will be callbuyer ).

This should work because you say you want to call a function that is the storedproc value later. Since the body of this function contains a callbuyer call, your client side of the script knows what callbuyer . The trick is that your server does not send arbitrary, unlimited functions, but rather data that your client can somehow use, using the knowledge that he has about the general application.

+7
source

Use eval to interpret a string as a javascript object. However, you cannot use the JSON data type. I believe you need to use "text" as the data type to call $ .ajax. Then do something like:

 var data = eval('(' + text + ')');

Must work. Of course, eval is evil. But it will solve your problem. As long as you can guarantee that there is nothing malicious in the text (without deactivated user input), then you should be fine.

+1
source

AFAIK, functions are left without using JSON.stringify , it is simply not intended for cloning full objects (details and methods). However, you can pass the body of the function as a string.
Say you decide to use a string format, for example func=>var foo = 'bar'; return foo; func=>var foo = 'bar'; return foo; . This should be passed as a regular JSON string after parsing the object, which you could then iterate over all the properties, and convert these strings to functions like this:

 for (var prop in parsedObj) { if (parsedObj.hasOwnProperty(prop) && parsedObj[prop].match(/^func\=\>/)) { parsedObj[prop] = new Function(parsedObj[prop].replace('func=>','')); } }

Although, seriously, I would say that you might want to rethink your approach, this is not what JSON is for. This is unsafe, all JSON strings are evaluated after they do not contain malicious code. This approach creates a loophole / vulnerability that JSON people worked hard to seal.

+1
source

In your example, this will work: 'user.storeproc = function () {callbuyer (user.no);};'

User Var 'is an object parsed by json.

Ps: maybe you need to format user.no, from 123 to 0123

0
source

The next JSON extension, "JFON", transfers the functions and properties of the array.
JFON uses eval and is intended to be used if:

1) your data is obtained from a reliable source (for example, not derived from user input or code from your own server) and
2) you know that there are no unwanted side effects with the "eval" context
(this is the context of the eval function in the "fromJFON" function, line 127)
3) it is expensive to refactor your application to use "functionless" JSON;
4) JFON is a one-day job, so additional testing may be required,

Idea: use the selected property name to execute functions and arrays, for example, in strings, when the selected character "\" is used to convey \ n and \ for itself.

In JFON, the name "wrap" is chosen to convey functions and itself: "wrap": {"fun": ... and "wrap": {"esc": ...

demo: http://landkey.org/Sandbox/z/spaceen86/js/btb/tests/jfon.htm

code (use commit 0.0.86):
https://github.com/lancelab/spaceen/blob/master/js/btb/JFON.js
test: github.com/lancelab/spaceen/blob/master/js/btb/tests/jfon.htm

Here is another JWON extension: JSON comments, here are docs, beheading JSONs:
github.com/lancelab/Boardspirator/blob/master/diary/play/tp/jwon.js

0
source

More articles:


All Articles