Is there any difference between single-quoted and double-quoted strings passed to JavaScript eval?

Posted on 2024-10-08 08:03:55

I have a server message sent via web-sockets. That message is a JSON (validated) string.
When it gets to the browser, I check that it is a string with typeof(data) and it tells me that it is, in fact, a string. When finally I do var some_obj = eval( '(' + data + ')' );
it gives me an Uncaught SyntaxError: Unexpected token ILLEGAL error.

Also, before using eval(), I console.log(data) and it displays correctly, although an alert(data) won't show anything on the dialog.

I can't understand what's happening.

I also tried var myJson = '{ "x": "Hello, World!", "y": [1, 2, 3] }'; and then var myObj = eval( '(' + myJson + ')' ); and it works, so I really can't understand why mine can't be evaluated (parsed).

The string received via web-sockets is this:

received 37 bytes » { "cmd": "setname", "params": "ok" }

where data = { "cmd": "setname", "params": "ok" } (with quotes I suppose, because of typeof(data) being = string).

Any tips? Thanks

edit1 » With web-sockets, you have to prepend a null char (0 ASCII) and append an escape char (255 ASCII) to the output string from the server. I assume the client (browser) as it implements web-sockets must deal with this and unwrap the string correctly (as the standard) and as I do in my server. Thing is, there might be some escape char left and it doesn't deal with it correctly. But the problem only started when I tried to send JSON strings to be eval()ed. Otherwise they work properly as any other string.


Comments (1)

最舍不得你 2024-10-15 08:03:55

No, there's no difference between " and ' for quoting strings other than that you can use " without escaping it inside a string quoted with ' and vice-versa. But I don't think that (the title of your question) actually has anything to do with the problem you're having.

Re your edit, if you want to ensure that there are no characters with the value 0 or 255 in the string, you can do that like this:

data = data.replace(/[\u0000\u00ff]/g, '');

...before passing it to eval. And it sounds like you might want to do that, since your thing is saying it's received 37 bytes but the string is only 36 characters long and doesn't use any characters requiring two bytes (or perhaps it just has a space at the end I can't see).

Off-topic: It's best not to use eval to deserialize JSON. Instead, use a library that handles it directly. Crockford has two different non-eval libs on his GitHub page, one (json_parse.js) that uses a recursive-descent parser and another (json_parse_state.js) that uses a state machine. If you really, really want to use eval to parse JSON, take a look at his implementation in json2.js, which at least takes a couple of steps to weed out malicious stuff.

Off-topic 2: Re

where data = { "cmd": "setname", "params": "ok" } (with quotes i suppose, because of typeof(data) being = string).

We only use quotes to quote string literals in code; there are no quotes around actual string data itself in memory. If I do this:

var foo = "bar";

...the string that foo points to consists entirely of the characters b, a, and r. There are no quotes; the quotes are only there in the code to tell the parser that what follows is a string literal.
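
As an added example (not part of the question or the answer above), the sketch below applies the answer's regex to a constructed frame and then parses with the built-in JSON.parse, used here in place of eval and of the Crockford libraries the answer names. The helpers stripFraming, parseMessage, evalParse and errorName, and both sample inputs, are assumptions made for illustration.

```javascript
// Constructed frame: the 36-character JSON text from the question wrapped in
// the 0x00 / 0xFF framing characters described in edit1.
const framed = '\u0000{ "cmd": "setname", "params": "ok" }\u00ff';

// Same regex as in the answer: drop any U+0000 / U+00FF characters.
function stripFraming(data) {
  return data.replace(/[\u0000\u00ff]/g, '');
}

// Hypothetical helper: strip framing, parse with JSON.parse (which never
// executes code), then check the shape before anything else uses the value.
function parseMessage(data) {
  const msg = JSON.parse(stripFraming(data)); // throws SyntaxError on non-JSON
  if (msg === null || typeof msg !== 'object' || Array.isArray(msg) ||
      typeof msg.cmd !== 'string') {
    throw new TypeError('message must be an object with a string "cmd"');
  }
  return msg;
}

// Returns the name of the error thrown by fn, or null if it did not throw.
function errorName(fn) {
  try { fn(); return null; } catch (e) { return e.name; }
}

// The question's eval pattern, kept only to compare behaviour.
function evalParse(data) {
  return eval('(' + data + ')');
}

// Constructed input: a JavaScript expression with a side effect, not JSON.
const audit = { ran: false };
const notJson = '(audit.ran = true, { "cmd": "setname" })';

const results = {
  evalOnFramed: errorName(() => evalParse(framed)),       // "SyntaxError"
  parseOnFramed: errorName(() => JSON.parse(framed)),     // "SyntaxError"
  cleaned: parseMessage(framed),                          // parsed object
  parseOnNotJson: errorName(() => parseMessage(notJson)), // "SyntaxError"
  evalOnNotJson: (evalParse(notJson), audit.ran),         // true: code ran
};
console.log(results);
```

The stray framing characters break both parsers, so stripping is needed either way; the difference is that JSON.parse rejects input that is code rather than data, while eval runs it.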
