JavaScript Object Notation

JavaScript Object Notation (JSON) is an alternative data format to XML for AJAX. To use JSON you need the json.js script at www.json.org. It contains the JavaScript functions to convert arrays to JSON strings. The JSON strings are parsed by JavaScript as object literal notation, which can be evaluated to recreate the object.

JSON is used instead of XML for many AJAX-enhanced web applications. It is supported by the ASP.NET AJAX Extensions, which are built into ASP.NET 3.5, and by PHP, as can be seen in the json section displayed by phpinfo().

JSON may be useful in a few web applications I manage, which are currently trying to store too much data in JavaScript arrays. Unfortunately, many web browsers cannot handle that much data embedded in the web page as JavaScript, and it causes many performance problems. JSON could be used to deliver that data to the JavaScript so it won’t be needed within the web page source code, which becomes seriously bloated.

Another interesting aspect of JSON is that it can be exploited to run unauthorized JavaScript in the browser. The JSON string data is evaluated as JavaScript code to recreate an object, so it can be hacked to include any JavaScript code. You should be aware that any AJAX-enhanced web applications you use that utilize JSON could be hacked to run malicious JavaScript in your browser. I believe this is the method used in many exploits that plague users of social networking sites and other Web 2.0 sites.
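The difference between evaluating a JSON string and parsing it, shown as an added example that is not code from this post or from json.js. The function names, the sample responses and the `injectedRan` marker are constructed for illustration; `JSON.parse` is the built-in parser in current browsers and Node.js.

```javascript
// Legacy pattern described above: the JSON text is handed to eval(),
// which treats it as a JavaScript expression and executes it.
function parseWithEval(text) {
  return eval("(" + text + ")");
}

// Hardened form: JSON.parse accepts only the JSON grammar and never
// executes code; anything else is rejected with a SyntaxError.
function parseSafely(text) {
  try {
    return { ok: true, value: JSON.parse(text) };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// Constructed sample responses. The second one is valid JavaScript but
// not valid JSON: it carries an expression with a harmless side effect.
const benign = '{"user": "alice", "unread": 3}';
const tampered =
  '{"user": "alice", "unread": (globalThis.injectedRan = true, 3)}';

function demo() {
  globalThis.injectedRan = false;
  const evalBenign = parseWithEval(benign);
  const evalTampered = parseWithEval(tampered);
  const ranUnderEval = globalThis.injectedRan; // embedded code executed

  globalThis.injectedRan = false;
  const safeBenign = parseSafely(benign);
  const safeTampered = parseSafely(tampered);
  const ranUnderParse = globalThis.injectedRan; // embedded code never ran

  return {
    evalBenign, evalTampered, ranUnderEval,
    safeBenign, safeTampered, ranUnderParse,
  };
}

console.log(demo());
```

With `eval()` the tampered response still yields a normal-looking object, so the application sees nothing wrong; with `JSON.parse` the same response is rejected before any of it can run.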
