JSON Security
JavaScript’s eval() function can execute any JavaScript command. This is a potential security problem, especially when working with JSON data from untrusted sources.
It is safer to use a browser with a native JSON parser to convert a JSON string into a JavaScript object. A JSON parser will recognize only JSON text and will not execute script commands. Native JSON parsers are generally faster than using eval(), too.
Native JSON support is implemented in the newer browsers and in the latest ECMAScript (JavaScript) standard.
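The difference between eval() and the native parser described above, as an added example that is not part of the original page. The names `record`, `parseWithEval`, `parseSafely` and both sample strings are constructed for illustration.

```javascript
// Constructed stand-in for "any JavaScript command": it only records that it ran.
const sideEffects = [];
function record(message) {
  sideEffects.push(message);
  return 1;
}

// Constructed inputs: one is valid JSON, the other embeds a function call.
const benign = '{"id": 7, "tags": ["a", "b"]}';
const untrusted = '{"id": record("executed while parsing")}';

// Legacy pattern: the text is evaluated as a JavaScript expression,
// so anything callable from this scope can be invoked by the data.
function parseWithEval(text) {
  return eval('(' + text + ')');
}

// Native parser: accepts JSON text only and never runs script.
// Malformed or non-JSON input surfaces as a SyntaxError the caller can handle.
function parseSafely(text) {
  try {
    return { ok: true, value: JSON.parse(text) };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// Runs both approaches on the same untrusted text and reports what happened.
function demo() {
  sideEffects.length = 0;
  const evalResult = parseWithEval(untrusted);
  const callsAfterEval = sideEffects.length;
  const parserResult = parseSafely(untrusted);
  const callsAfterParser = sideEffects.length;
  return {
    evalReturnedId: evalResult.id,
    callsTriggeredByEval: callsAfterEval,
    parserAccepted: parserResult.ok,
    parserError: parserResult.error,
    callsTriggeredByParser: callsAfterParser - callsAfterEval,
    benignId: parseSafely(benign).value.id,
  };
}

console.log(demo());
```

Code that receives JSON from outside should treat the `ok: false` branch as a rejected message rather than falling back to eval().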