In case you haven’t heard, one of Firefox 3.1’s awesome new features will be native JSON support. This is totally sweet for two reasons:
- eval’ing JSON in the browser is unsafe. Using native JSON parsing protects you against possible code execution.
- Safely eval’ing JSON with a 3rd party library can be orders of magnitude slower. Native JSON parsing is much faster.
How does native JSON work compared to plain old eval? Simple:
var jsonString = '{"name":"Ryan", "address":"Mountain View, CA"}'; var person = JSON.parse(jsonString); // 'person' is now a JavaScript object with 2 properties; name and address
Pretty easy huh? And here’s how to get a JSON string from an object:
var personString = JSON.stringify(person); // 'personString' now holds the string '{"name":"Ryan", "address":"Mountain View, CA"}'
“But wait!”, you say. “How is it safer? How much faster is it compared to eval?”. Ok, I’ll show you.
Native JSON parsing in Firefox 3.1 is safer because it does not support objects with functions. Attempting to convert an object with functions into a JSON string will only convert its properties and not its functions. And any malformed JSON string will result in a parse error instead of possible code execution.
Now, regarding speed, native JSON parsing is faster, much faster. Instead of pretty charts and graphs, I’ll give you a real-world example.
The new Graph Server uses a JSON API to fetch test information and results, so I figured it would be a good application to benchmark. So I wrapped our code that parses the JSON response with some Firebug profiler calls:
console.time('parsejson'); var obj = eval('(' + resp + ')'); console.timeEnd('parsejson');
Loading a test’s results (array with 3,000 indexes, 24k gzipped) gave me a time of 125ms. (Repeated tests yielded results +/- 5ms). Then I changed eval to JSON.parse:
console.time('parsejson'); var obj = JSON.parse(resp); console.timeEnd('parsejson');
Which resulted in an average time of 40ms! That’s about 2.7 times faster with 1 line of code changed. Not bad!
Granted, a difference of 80ms isn’t that much, but in an AJAX (or, more accurately, AJAJ?) application, it can add up.
What’s the use of native JSON if it’s only available in Firefox? Luckily, IE8 has implemented it in RC1, which is rumored to be released in March. Hopefully other browsers will follow suit too, but for now it’s best to use a JSON parser such as the one on json.org. It’s small, safe and will not override native JSON implementation if detected.
Points to remember:
Mike Shaver wrote on :
Bertrand Le Roy wrote on :
betrezel wrote on :
Fabien wrote on :
Nico wrote on :
film indir wrote on :
articles wrote on :
akyaka wrote on :
Patrick wrote on :
Matt wrote on :
Joseph R. Justice wrote on :
sikiĹź izle wrote on :
Timo Reitz wrote on :
Nash Tsai wrote on :
Json is inSecure wrote on :
rdoherty wrote on :