aterimperator

Reputation: 199

Parsing JSON from AJAX, potential man in the middle with eval?

I'm writing some AJAX; the server returns JSON (that I also wrote, and as such is sanitary JSON). Under these conditions it seems I can use eval just fine, however I worry that there may be some sort of man in the middle attack on my clients, substituting their JSON for mine. I suppose if there is a man in the middle, they can just as easily substitute their own JavaScript files as they can change my JSON...

So I guess if anyone can confirm I'm right, that so long as I can trust the server's JSON I can trust the JSON (and thus use eval), then that'd be nice.

Upvotes: 1

Views: 527

Answers (1)

Ignacio Vazquez-Abrams

Reputation: 798576

It's right there, do you really want to chance it?

Upvotes: 1
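The difference between the two parsing approaches discussed in this thread, as an added example that is not part of the question or the answer: the same altered response body is handed to `eval` and to `JSON.parse`. The response bodies, the `user`/`balance` fields and the helper names are constructed for illustration.

```javascript
// Added example: constructed response bodies, hypothetical helper names.

// What a well-behaved server would send (constructed sample).
const honestBody = '{"user":"alice","balance":42}';

// A body altered in transit (constructed sample). It is not JSON: it is a
// JavaScript expression that has a side effect and then yields an object.
const tamperedBody =
  '(globalThis.sideEffectRan = true, {"user":"alice","balance":42})';

// The pattern from the question: treat the response text as source code.
function parseWithEval(body) {
  return (0, eval)("(" + body + ")"); // indirect eval, runs in global scope
}

// The alternative: JSON.parse accepts the JSON grammar only and never runs
// code. A minimal shape check follows, since valid JSON can still carry
// data the page does not expect.
function parseResponse(body) {
  let data;
  try {
    data = JSON.parse(body);
  } catch (err) {
    return { ok: false, reason: "not valid JSON" };
  }
  if (data === null || typeof data !== "object" || Array.isArray(data) ||
      typeof data.user !== "string" || !Number.isFinite(data.balance)) {
    return { ok: false, reason: "unexpected shape" };
  }
  return { ok: true, data };
}

// Runs both parsers over the altered body and records whether code executed.
function demo() {
  globalThis.sideEffectRan = false;
  const viaEval = parseWithEval(tamperedBody);
  const evalRanCode = globalThis.sideEffectRan;
  globalThis.sideEffectRan = false;
  const viaParse = parseResponse(tamperedBody);
  const parseRanCode = globalThis.sideEffectRan;
  return { viaEval, evalRanCode, viaParse, parseRanCode,
           honest: parseResponse(honestBody) };
}

console.log(demo());
```

With `eval`, the altered body looks like a normal object to the caller even though its embedded expression has already run; with `JSON.parse`, the same body is rejected before any of it is interpreted.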
