Is it valid to define functions in JSON results

Question

Part of a website s JSON response had this      added for context          now function   return new Date  getTime            Is adding anonymous functions to JSON valid   I would expect each time you access  time  to return a different value

User · Answer

Via using NodeJS  commonJS syntax  I was able to get this type of functionality working  I originally had just a JSON structure inside some external JS file  but I wanted that structure to be more of a Class  with methods that could be decided at run time    The declaration of  Executor  in myJSON is not required   var myJSON          Hello    World        Executor         module exports         init       gt    return      myJSON   Executor    first  last    gt    return first   last

User · Answer

Function expressions in the JSON are completely possible  just do not forget to wrap it in double quotes  Here is an example taken from noSQL database design    x000D   x000D    x000D      id     design testdb   x000D     views     x000D       byName     x000D         map    function doc  if doc name  emit doc name doc code     x000D        x000D      x000D    x000D   x000D   x000D

User · Answer

The problem is that JSON as a data definition language evolved out of JSON as a JavaScript Object Notation   Since Javascript supports eval on JSON  it is legitimate to put JSON code inside JSON  in that use-case    If you re using JSON to pass data remotely  then I would say it is bad practice to put methods in the JSON because you may not have modeled your client-server interaction well   And  further  when wishing to use JSON as a data description language I would say you could get yourself into trouble by embedding methods because some JSON parsers were written with only data description in mind and may not support method definitions in the structure   Wikipedia JSON entry makes a good case for not including methods in JSON  citing security concerns      Unless you absolutely trust the source of the text  and you have a need to parse and accept text that is not strictly JSON compliant  you should avoid eval   and use JSON parse   or another JSON specific parser instead  A JSON parser will recognize only JSON text and will reject other text  which could contain malevolent JavaScript  In browsers that provide native JSON support  JSON parsers are also much faster than eval  It is expected that native JSON support will be included in the next ECMAScript standard

User · Answer

No   JSON is purely meant to be a data description language  As noted on http   www json org  it is a  lightweight data-interchange format   - not a programming language   Per http   en wikipedia org wiki JSON  the  basic types  supported are    Number  integer  real  or floating point   String  double-quoted Unicode with backslash escaping  Boolean  true and false  Array  an ordered sequence of values  comma-separated and enclosed in square brackets  Object  collection of key value pairs  comma-separated and enclosed in curly braces   null

User · Answer

Let s quote one of the spec s - http   tools ietf org html rfc7159 section-12  The The JavaScript Object Notation  JSON  Data Interchange Format Specification states      JSON is a subset of JavaScript but excludes assignment and invocation       Since JSON s syntax is borrowed from JavaScript  it is possible to    use that language s  eval    function to parse JSON texts  This   generally constitutes an unacceptable security risk  since the text   could contain executable code along with data declarations  The same    consideration applies to the use of eval  -like functions in any   other programming language in which JSON texts conform to that   language s syntax    So all answers which state  that functions are not part of the JSON standard are correct   The official answer is  No  it is not valid to define functions in JSON results     The answer could be yes  because  code is data  and  data is code    Even if JSON is used as a language independent data serialization format  a tunneling of  code  through other types will work    A JSON string might be used to pass a JS function to the client-side browser for execution      data     1   2     3   4     aFunction   function   return   foo bar          This leads to question s like  How to  Execute JavaScript code stored as a string     Be prepared  to raise your  eval   is evil  flag and stick your  do not tunnel functions through JSON  flag next to it

User · Answer

A short answer is NO        JSON is a text format that is completely language independent but uses   conventions that are familiar to programmers of the C-family of   languages  including C  C    C   Java  JavaScript  Perl  Python  and   many others  These properties make JSON an ideal data-interchange   language    Look at the reason why      When exchanging data between a browser and a server  the data can only   be text       JSON is text  and we can convert any JavaScript object into JSON  and   send JSON to the server       We can also convert any JSON received from the server into JavaScript   objects       This way we can work with the data as JavaScript objects  with no   complicated parsing and translations    But wait     There is still ways to store your function  it s widely not recommended to that  but still possible   We said  you can save a string    how about converting your function to a string then   const data    func       gt  a FUNC       Then you can stringify data using JSON stringify data  and then using JSON parse to parse it  if this step needed      And eval to execute a string function  before doing that  just let you know using eval widely not recommended    eval data func       return  a FUNC

User · Answer

although eval is not recommended  this works    lt  DOCTYPE html gt   lt html gt   lt body gt    lt h2 gt Convert a string written in JSON format  into a JavaScript function  lt  h2 gt    lt p id  demo  gt  lt  p gt    lt script gt      function test val  return val     it s OK       var someVar    yup       var myObj      func    test someVar           document getElementById  demo   innerHTML   eval myObj func    lt  script gt    lt  body gt   lt  html gt

User · Answer

Nope  definitely not    If you use a decent JSON serializer  it won t let you serialize a function like that  It s a valid OBJECT  but not valid JSON  Whatever that website s intent  it s not sending valid JSON

User · Answer

JSON explicitly excludes functions because it isn t meant to be a JavaScript-only data structure  despite the JS in the name

User · Answer

It is not standard as far as I know  A quick look at http   json org  confirms this

User · Answer

Leave the quotes off     var a     b  function   alert  hello world         a b

[json] Is it valid to define functions in JSON results?

Examples related to json

Examples related to anonymous-function