JSON

Introduction to JSON

字号+ 作者:H5之家 来源:H5之家 2017-03-29 16:00 我要评论( )

Introduction to JSON JSON (JavaScript Object Notation) is a lightweight data-interchange format (if you are new to JSON, you can read more about it on the JSON website). It is notably used by APIs all over the web and is a fast alternative

Introduction to JSON

JSON (JavaScript Object Notation) is a lightweight data-interchange format (if you are new to JSON, you can read more about it on the JSON website). It is notably used by APIs all over the web and is a fast alternative to XML in Ajax requests. Prototype 1.5.1 finally features JSON encoding and parsing support.

Prototype's JSON implementation is largely based on the work of Douglas Crockford which will most likely be natively included in future versions of the main browsers. Crockford's implementation is unfortunately unsuitable for use with Prototype because of the way it extends Object.prototype. (Note that this will no longer be an issue once it is natively implemented.)

Encoding

Prototype's JSON encoding slightly differs from Crockford's implementation as it does not extend Object.prototype. The following methods are available: Number#toJSON, String#toJSON, Array#toJSON, Hash#toJSON, Date#toJSON, and Object.toJSON.

If you are unsure of what type the data you need to encode is, your best bet is to use Object.toJSON like so:

In other cases (i.e. if you know that your data is not an instance of Object), you can invoke the toJSON method instead:

Furthermore, if you are using custom objects, you can set your own toJSON method which will be used by Object.toJSON. For example:

Finally, using Element.addMethods you can create custom toJSON methods targeted at specific elements.

Parsing JSON

In JavaScript, parsing JSON is typically done by evaluating the content of a JSON string. Prototype introduces String#evalJSON to deal with this:

String#evalJSON takes an optional sanitize parameter, which, if set to true, checks the string for possible malicious attempts and prevents the evaluation and throws a SyntaxError if one is detected.

You should always set the sanitize parameter to true and an appropriate content-type header (application/json) for data coming from untrusted sources (external or user-created content) to prevent XSS attacks.

String#evalJSON internally calls String#unfilterJSON and automatically removes optional security comment delimiters (defined in Prototype.JSONFilter).

You should always set security comment delimiters (/*-secure-\n...*/) around sensitive JSON or JavaScript data to prevent Hijacking. (See for more details.)

Using JSON with Ajax

Using JSON with Ajax is very straightforward, simply invoke String#evalJSON on the transport's responseText property:

If your data comes from an untrusted source, be sure to sanitize it:

 

1.本站遵循行业规范,任何转载的稿件都会明确标注作者和来源;2.本站的原创文章,请转载时务必注明文章作者和来源,不尊重原创的行为我们将追究责任;3.作者投稿可能会经我们编辑修改或补充。

相关文章
  • 自己动手使用 Swift 打造全功能 JSON 解析、生成库

    自己动手使用 Swift 打造全功能 JSON 解析、生成库

    2017-03-29 16:01

  • JSON:如果你愿意一层一层剥开我的心,你会发现...这里水很深 深

    JSON:如果你愿意一层一层剥开我的心,你会发现...这里水很深 深

    2017-03-29 15:02

  • Linux Shell格式化Json

    Linux Shell格式化Json

    2017-03-28 15:01

  • php中不转义中文字符的 json编码方法

    php中不转义中文字符的 json编码方法

    2017-03-28 15:00

网友点评
9