JSON.stringify()

  • Syntax: json.stringify (value, replacer, space)

  • Value: This field is mandatory. It’s the objects that you put in, like arrays, classes, etc

  • Replacer: Optional. It is divided into two forms, one is an array, the second is a method.

    If the parameter is an array, only the property names contained in the array will be serialized into the final JSON string; If this parameter is null or not provided, all attributes of the object are serialized

    2. If the parameter is a function, each attribute of the serialized value is converted and processed by the function during serialization

  • Space: Optional, specifying a blank string for indentation to beautify the output

    1) If the argument is a number, it represents how many Spaces there are; The upper limit is 10. If the value is less than 1, there are no Spaces

    2) If it is just a string, append the string to the output value on each line. Of course, the maximum length is also 10 characters

    3) If it is some escape character, such as “\t”, for carriage return, then it is a carriage return per line

    4) If this parameter is not provided (or null), there will be no Spaces.

JSON. parse()

  • Syntax: JSON. Parse (text, reviver)

  • Text: Required, a valid JSON string

  • Reviver: Optional, function that transforms the result and will be called for each member of the object

    The reviver function will be passed an empty string “” when iterating to the top level value (the parsed value).

    2. The traversal order of the function is as follows: start from the innermost layer and traverse outward in order of hierarchy

  • Note: Ending with a comma is not allowed

eval()

  • Grammar: eval (string)

  • String: A string that represents a JavaScript expression, statement, or series of statements. Expressions can contain variables and attributes of existing objects.

  • Return value: Returns the return value of the code in the string. If the return value is null, undefined is returned.

  • Note to JSON: When using eval to parse jSON-formatted strings, {} is parsed into code blocks

    1. Concatenate “var o =” before JSON string;

    {} is not parsed as a block of code, but as an expression.

When eval() is called in non-strict mode, variables declared with var and functions declared with function modify the current lexical scope. Variables declared with let and const do not modify the current lexical scope, but create a new lexical scope in the current one.

/** * Modifies the current lexical scope with variables declared by var and functions declared by function. * The variables a and function fnA created inside inner override the variables A and function fnA created outside. * The variable a and function fnA are not promoted in inner. */ (function () { const a = 0; function fnA() { return 10; } (function inner() { console.log(a); // 0 console.log(fnA()); // 10 eval('var a = 1; function fnA () { return 11; }; '); console.log(a); // 1 console.log(fnA()); / / 11} ()); } ()); // Variables declared with const and let do not modify the current lexical scope; a new lexical scope is created at the current time. The variables a and b cannot be accessed outside eval(). (function () { eval('const a = 2; let b = 3; '); console.log(a); // ReferenceError console.log(b); // ReferenceError }());Copy the code

Var () and function (function) are used to modify the global lexical scope. Variables declared using let and const are not used to modify the global lexical scope. However, new lexical scopes are created in the global environment.

var g = 0; (function () { const g = 1, ev = eval; function fnG() { return 10; } ev('console.log(g)'); // 0 ev('var g = 2; function fnG () { return 11; }; '); console.log(g); // 1 console.log(fnG()); / / 10} ()); console.log(g); // 2 console.log(fnG()); / / 11Copy the code

3. When eval() is called directly in strict mode, a new independent lexical scope is created at the moment.

(function () { const a = 0; function fnA() { return 10; } (function inner() { 'use strict'; console.log(a); // 0 console.log(fnA()); // 10 eval('var a = 1; function fnA () { return 11; }; '); console.log(a); // 0 console.log(fnA()); / / 10} ()); } ());Copy the code

4. When an indirect reference to eval() in strict mode (the string is executed in strict mode only when strict mode is turned on in a string in Eval ()), a new independent lexical scope is created in the global environment.

var m = 0; (function () { const m = 1, ev = eval; function fnM() { return 10; } ev('\'use strict\'; console.log(m)'); // 0 ev('\'use strict\'; var m = 2; function fnM () { return 11; }; '); console.log(m); // 1 console.log(fnM()); / / 10} ()); console.log(m); // 0 console.log(fnM()); // ReferenceErrorCopy the code

5. Using window.eval() is equivalent to referencing eval() indirectly.

Var x = 0; (function () { const x = 1; function fnX() { return 10; } window.eval('console.log(x)'); 0 window.eval('var x = 2; function fnX () { return 11; }; '); console.log(x); // 1 console.log(fnX()); / / 10} ()); console.log(x); // 2 console.log(fnX()); Var y = 0; (function () { const y = 1; function fnY() { return 10; } window.eval('\'use strict\'; console.log(y)'); // 0 window.eval('\'use strict\'; var y = 2; function fnY () { return 11; }; '); console.log(y); // 1 console.log(fnY()); / / 10} ()); console.log(y); // 0 console.log(fnY()); // ReferenceErrorCopy the code

6. Code executed in eval() can only be interpreted by invoking the JS Interpreter, not optimized by the JIT Compiler. Code executed in eval() may cause the JS engine to perform variable lookups and assignments in the generated machine code. This brings performance problems.

7. Improper use of eval() can make strings executed within it vulnerable to malicious modification, posing security problems (such as XSS attacks).

Using eval() interferes with the behavior of the code compression tool. Code compression tools typically rename local variable names to shorter ones (such as a and B) to reduce code size. When eval() is used, the code compression tool does not compress the names of external local variables that eval() can access, reducing the code compression rate.

  • Note: It is best never to use the eval function, which executes code with the same permissions as the caller.

  • If the string code you run with Eval () is modified by a malicious party, you may end up running malicious code on the user's computer under the authority of your web page/extension.

  • More importantly, third-party code can see the scope in which an eval() is called, which can lead to attacks in different ways. Similar functions are less vulnerable to attack.