Prototype v1.6.0 API documentation

String

blank
camelize
capitalize
dasherize
empty
endsWith
escapeHTML
evalJSON
evalScripts
extractScripts
gsub
include
inspect
interpolate
isJSON
parseQuery
scan
startsWith
strip
stripScripts
stripTags
sub
succ
times
toArray
toJSON
toQueryParams
truncate
underscore
unescapeHTML
unfilterJSON

API Docs

Utility Methods
Ajax
Array
Class
Date
Element
Element.Methods
Element.Methods.Simulated
Enumerable
Event
Form
Form.Element
Function
Hash
Insertion
Number
Object
ObjectRange
PeriodicalExecuter
Position
Prototype
String
Template
TimedObserver
document
document.viewport

evalJSON
1.5.1

evalJSON([sanitize = false]) -> object

Evaluates the JSON in the string and returns the resulting object. If the optional sanitize parameter is set to true, the string is checked for possible malicious attempts and eval is not called if one is detected.

If the JSON string is not well formated or if a malicious attempt is detected a SyntaxError is thrown.

Examples


var person = '{ "name": "Violet", "occupation": "character" }'.evalJSON();
person.name;
//-> "Violet"

person = 'grabUserPassword()'.evalJSON(true);
//-> SyntaxError: Badly formed JSON string: 'grabUserPassword()'

person = '/*-secure-\n{"name": "Violet", "occupation": "character"}\n*/'.evalJSON()
person.name;
//-> "Violet"

Note

Always set the sanitize parameter to true for data coming from externals sources to prevent XSS attacks.

As String#evalJSON internally calls String#unfilterJSON, optional security comment delimiters (defined in Prototype.JSONFilter) are automatically removed.

String

API Docs

evalJSON 1.5.1

Examples

Note

evalJSON
1.5.1