JavaScript from Scratch: Parts Three and Four

I’ve uploaded two additional talks which I recently gave covering the basics of events and application development in JavaScript. This continues on with the talks I added earlier this month.

Part Three: Events

Part Four: Writing JavaScript Applications


This entry was posted on Sunday, June 29th, 2008 at 10:59 pm and is filed under Code, JavaScript, Talks.

2 Responses to JavaScript from Scratch: Parts Three and Four

Jason:

On June 30th, 2008 at 9:49 am

Just a quick question/comment on the last slide of “Writing JavaScript Applications”.

You say that eval() does not belong in a production application. How do you evaluate JSON code returned from the server without it? Until the parseJSON() function is implemented don’t we have to use eval()?

I guess you could write your own JSON parser (or perhaps find one that already exists) but in the end you will still be using eval().

In your opinion does this security flaw warrant the overhead that comes with using XML or is it balanced by the performance increase from using JSON? I know that your applications are only as secure as the developer writing them. I think I would choose JSON every time.

mikeg:

On July 10th, 2008 at 8:09 pm

You raise a good point. When handling JSON structures coming in from Ajax requests, the easiest and most efficient solution is to hand it off to eval().

In this one instance, I would feel comfortable in saying eval() is ok… but only after a thorough scan over the JSON data has been made, similar to how JSONRequest works.

Any other instance of eval() is inexcusable, IMHO. Nine times out of ten, careless JavaScript hackers use eval() simply because they are ignorant of language features such as subscript notation, call(), or apply().
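
An added example, not part of the original post or its comments: one way to scan a JSON response before it reaches eval(), as discussed in the two comments above, next to the native JSON.parse() that current engines provide. The function names and both sample responses are constructed for illustration.

```javascript
// Constructed sample responses: one well-formed, one carrying executable code.
const GOOD = '{"user": "jason", "ids": [1, 2, 3], "note": "a \\"quoted\\" word"}';
const HOSTILE = '{"user": (function () { globalThis.__ran = true; return "x"; })()}';

// Scan: collapse escape sequences, then string/number/keyword literals, then
// opening brackets. Only JSON punctuation and whitespace may be left over.
function looksLikeJson(text) {
  const residue = text
    .replace(/\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g, '@')
    .replace(/"[^"\\\n\r]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g, ']')
    .replace(/(?:^|:|,)(?:\s*\[)+/g, '');
  return /^[\],:{}\s]*$/.test(residue);
}

// Unchecked: whatever the response contains is executed as JavaScript.
function rawEval(text) {
  return eval('(' + text + ')');
}

// eval() gated by the scan: text that fails is rejected before it can run.
function evalAfterScan(text) {
  if (!looksLikeJson(text)) throw new SyntaxError('rejected by JSON scan');
  return eval('(' + text + ')');
}

// Native parser: builds data only, never executes its input.
function parseNative(text) {
  return JSON.parse(text);
}

// Reports whether the marker set by the constructed payload appeared.
function payloadRan(parser, text) {
  delete globalThis.__ran;
  try { parser(text); } catch (e) { /* rejection is the expected outcome */ }
  return globalThis.__ran === true;
}

console.log(payloadRan(rawEval, HOSTILE));       // true
console.log(payloadRan(evalAfterScan, HOSTILE)); // false
console.log(payloadRan(parseNative, HOSTILE));   // false
```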
