Introduction
JavaScript is a programming language commonly used in web development. It can be used to build interactive and dynamic websites and is often used in combination with HTML and CSS. One of the key features of JavaScript is its ability to parse and manipulate JSON (JavaScript Object Notation) data.
JSON is a lightweight data-interchange format that is easy for humans to read and write and for machines to parse and generate. It is based on a subset of the JavaScript programming language, so it is easy to work with in JavaScript. JSON data is represented as key-value pairs, similar to a dictionary in Python or an object in JavaScript.
Using eval()
function to parse JSON. Is it Safe?
In JavaScript, one way to do this is by using a function called eval()
, which takes a string, compiles it, and then executes it.
var jsonString = '{"employees": [{"firstName":"Amit", "lastName":"Diwedi", "age":25, "city":"Bangladesh"},{"firstName":"Rahul", "lastName":"Raj", "age":32, "city":"India"},{"firstName":"Deepak", "lastName":"Sharma", "age":45, "city":"Bhutan"}]}';
var obj = eval("(" + jsonString + ")");
console.log(obj.employees[0].firstName); // Output: "Amit"
console.log(obj.employees[1].city); // Output: "India"
In this example, the JSON string is passed as a parameter to the eval()
function, which converts it into a JavaScript object. The properties of the object can then be accessed using dot notation.
It is generally not recommended to use the eval()
function to parse JSON in JavaScript because it can be a security risk. The eval()
function can execute any JavaScript code, and if the JSON string being parsed contains malicious code, it could potentially harm the user's system or steal sensitive information.
The issue with the eval()
 function is it takes a string, and compiles and executes it without discrimination. If my JSON is coming from a third-party server and is replaced with a malicious script, then my perfectly innocent website will be compiling and executing this malicious code in the Internet browsers of those who visit my site.
How to SAFELY parse JSON using JSON.parse()
in JavaScript?
There are several ways to parse JSON data in JavaScript. The most common method is to use the JSON.parse()
function, which takes a string as input and returns a JavaScript object or array. For example, consider the following JSON string:
{
"name": "Jackson",
"age": 35,
"city": "Toronto"
}
To parse this JSON string in JavaScript, we would use the following code
let jsonData = `{
"name": "Jackson",
"age": 35,
"city": "Toronto"
}`;
let obj = JSON.parse(jsonData);
console.log(obj.name);
console.log(obj.city);
Output
Jackson
Toronto
In this example, the JSON.parse()
function takes the JSON string as input and returns a JavaScript object. We can then access the properties of the object using dot notation, as shown in the example.
We can make use of another example with a little more complex usage. Here is a more complex example of using JavaScript to parse JSON data.
let jsonString = `
{
"employees": [
{
"firstName":"Deepak",
"lastName":"Ismail"
},
{
"firstName":"Daniella",
"lastName":"Smith"
},
{
"firstName":"Femi",
"lastName":"David"
} ]
}`;
let obj = JSON.parse(jsonString);
for (let i = 0; i < obj.employees.length; i++) {
console.log(obj.employees[i].firstName + " " + obj.employees[i].lastName);
}
Output
Deepak Ismail
Daniella Smith
Femi David
In this example, we have a JSON string that represents a company with a list of employees. The JSON string contains an object with a single property, employees
, which is an array of employee objects. Each employee object has two properties: firstName
and lastName
.
To parse this JSON string in JavaScript, we use the JSON.parse()
function as before. This function returns a JavaScript object that represents the JSON data. We can then access the properties of the object using dot notation.
Next, we use a for loop to iterate over the employees
array. For each employee object in the array, we access the firstName
and lastName
properties and log them to the console using string concatenation.
This example demonstrates how we can use JavaScript to parse a more complex JSON data structure and access the individual properties of the objects contained within it.
Another way to parse JSON data in JavaScript is to use the eval()
function. However, this method is generally not recommended due to security risks, as it can execute arbitrary code. It is safer to use the JSON.parse()
function whenever possible.
Summary
In conclusion, JSON parsing is an important feature of JavaScript that allows developers to work with data in a convenient and efficient way.
Use JSON.parse()
 instead of eval()
. The eval()
 function will compile and execute the string that is passed in, which opens your code up for attacks. JSON.parse()
 only parses JSON.
References
JSON - JavaScript | MDN (mozilla.org)
JSON.parse() - JavaScript | MDN (mozilla.org)