Json Stringify() Not Working In Ie7

[tinfanide]

I've used eval() to turn a JSON array into an object.But people say eval() has security issues. What particular are the issues? Turning scripts as well into JS objects?And how about stringify()? How can I make it work in IE7?

[justsomeguy]

eval executes code. That's fine if the only code to execute is code that defines an object structure, but it's not so OK if someone injected malicious code for all of your users to execute. JSON libraries include a method called parse which validates the data first to ensure it only contains a data structure and not arbitrary code to execute. There's a JSON parser here which does not use eval, but it also doesn't validate to make sure the data structure is valid. That may result in a browser error if the data structure isn't formed correctly: http://code.google.com/p/json-sans-eval/ There's another library here which does do validation, but also uses eval. It also includes a stringify method. https://github.com/douglascrockford/JSON-js/blob/master/json2.js

[thescientist]

using jquery will validate and parse the data for you too.

[tinfanide]

eval executes code. That's fine if the only code to execute is code that defines an object structure, but it's not so OK if someone injected malicious code for all of your users to execute. JSON libraries include a method called parse which validates the data first to ensure it only contains a data structure and not arbitrary code to execute. There's a JSON parser here which does not use eval, but it also doesn't validate to make sure the data structure is valid. That may result in a browser error if the data structure isn't formed correctly: http://code.google.c...json-sans-eval/ There's another library here which does do validation, but also uses eval. It also includes a stringify method. https://github.com/d...master/json2.js

Yes, thank you for your link. Indeed I've found the similar path to the json.js file but the thing was that the file seemed to be weird, containing only the alert method inside. I thought it was a virus... Didn't know why.

using jquery will validate and parse the data for you too.

Yes, jQuery is another option.

[tinfanide]

And it seems parsing JSON objects not possible in IE7. I've searched online for solutions and they all pointed to json2.js,but I've included the file and it just does not work in IE7. It returns"SCRIPT1028: Expected identifier, string or number" (IE7 Console) My demo:http://lifelearning.x10.mx/jsonTEST.html Please have a look.If JSON is not that popular on the web, I'd use XML rather.

[thescientist]

JSON is in fact quite popular on the web and it is pretty close to outpacing XML, or at least in my opinion it should. The ease of its use for transporting data between languages is especially handy since for the sheer fact that it requires minimal markup to "explain" its content, unlike XML. Did you try removing the comma after "20"? You don't need it there. I've had no problems using JSON in any browser for any task. If it was that difficult to work with, Javascript would certainly not be as fluent on the web as it is.

[justsomeguy]

IE7 and lower will show an error on hanging commas like that. IE8 and other browsers will ignore them.

[tinfanide]

eval executes code. That's fine if the only code to execute is code that defines an object structure, but it's not so OK if someone injected malicious code for all of your users to execute. JSON libraries include a method called parse which validates the data first to ensure it only contains a data structure and not arbitrary code to execute. There's a JSON parser here which does not use eval, but it also doesn't validate to make sure the data structure is valid. That may result in a browser error if the data structure isn't formed correctly: http://code.google.c...json-sans-eval/ There's another library here which does do validation, but also uses eval. It also includes a stringify method. https://github.com/d...master/json2.js

Yes, I used the first one from Google and worked. But just wonderif I must use the syntax

var jsonObj = '{"name": "property"}';// how about this:var jsonObj = {name: ""}

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><title>Untitled Document</title><script type="text/javascript" src="json-lib/json_parse.js"></script><script>var obj = {name: "Tin", "######": "Male","age": 20};var json = JSON.parse(obj);document.write(json.name);document.write("<br />");</script></head><body></body></html>

I tried to use the original one (json_parse.js) but didn't work...

[justsomeguy]

You don't need to parse that, it's already an object. The parse method turns a string into the object. You can use stringify if you want to turn the object into a string. If you're starting with an object then you don't need to do anything. JSON stands for JavaScript Object Notation, it is the native way to define objects in Javascript. The parse method is only used for turning a string representation of an object into an actual object. The reason people use JSON with ajax is because a language like PHP cannot return an actual object or array to Javascript, but it can return a string that Javascript can convert into an object.

[tinfanide]

How about using an external JSON file?

{"students": [    {name: "Tin", ######: "Male", age: 20},    {name: "Valerie", ######: "Female", age: 16},    {name: "Valeriana", ######: "Female", age: 18},],"teachers": [    {name: "Tim", ######: "Male", age: 30},    {name: "Val", ######: "Female", age: 40},    {name: "Vivian", ######: "Female", age: 50},],"parents": [    {name: "Tiffany", ######: "Male", age: 60},    {name: "Viona", ######: "Female", age: 66},    {name: "Vivi", ######: "Female", age: 68},],}

I think in the codes below the parts within "///////" are problematic.I managed to use

   var jsonData= eval("("+xmlhttp.responseText+")");

to get the data from the external JSON file.ButI'm afraid of the security issue with eval()SoI wanna change to some safer JSON methodslikestringify(),jsonParse(),parse()

<div id="result"></div> /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////<script type="text/javascript" src="http://json-sans-eval.googlecode.com/files/json-minified.js"></script>/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////<script type="text/javascript"> function ajax(group,index,property){xmlhttp = (window.XMLHttpRequest) ? new XMLHttpRequest() : new ActiveXObject("Microsoft.XMLHTTP");xmlhttp.onreadystatechange = function(){  if(xmlhttp.readyState==4 && xmlhttp.status==200){ /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////   var jsonData= jsonParse(xmlhttp.responseText);/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////      if(group==""||index==""||property==""){    document.getElementById("result").innerHTML = "Please select a field.";    } else {	 document.getElementById("result").innerHTML = jsonData[group][index][property];	 }   }  }xmlhttp.open("GET","json.json",true);xmlhttp.send(null);}

[thescientist]

I think you're missing the point. If you already have an object, then you don't need to do anything to it. Those libraries are for when you only have a string representation of an object/array (i.e. data structure) that you need to turn into a legitimate data structure. Also, there are a couple of syntax errors with your external data structure; one is for the same reason we pointed out before, you have a trailing comma after your last array member. Also, I can't see what you are using as a key value after name, it just comes accross as ###### in your post. Depending on what that value is, you may need to enclose it in quotes. If you really want to use AJAX to get an external object, you should use PHP to json_encode a PHP array and then you can use one of these libraries that you are so intent on using, since it will come back as string, not an already well formed object like you are using.

[tinfanide]

<!DOCTYPE HTML><html><head>    <title>Simple AJAX .JSON load example</title></head><body><input type="button" value="press" onclick="ajax()" /><div id="result"></div><script type="text/javascript">function ajax(){var xmlhttp = (window.XMLHttpRequest) ? new XMLHttpRequest() : new ActiveXObject("Microsoft.XMLHTTP");xmlhttp.onreadystatechange = function(){  if(this.readyState==4 && this.status==200){     var jsonData = JSON.parse(this.responseText);   document.getElementById("result").innerHTML = jsonData.students.name;   }  }xmlhttp.open("GET","j.json");xmlhttp.send(null);}</script></body></html>

j.json:

{"students":{"name":"Winnie"}}

I finally found out that I could use JSON.parse() and should keep the property in JSON within " "But in JS or JSON object it seems that the " " around the property is not a must

// JSvar jsObj = { obj: "obj" }// JSON// Not completely sure{ obj: "obj"  }

Is it a must to use " " in JSON properties?

[justsomeguy]

Only if it's not a valid identifier name, like if it contains spaces or something.

[tinfanide]

And another question:What if I want to load the external JSON file to JS? (Like the example raised here)Is AJAX the only way to achieve such an effect?I can't do things like:

<script type="text/javascript" src="json.json"></script>

[justsomeguy]

If the file is exactly what you showed, then you need to use ajax. If you want to include it in a script tag then it needs to actually do something, like assign the object to a variable.