SyntaxStudy
JavaScript JSON Security Considerations
JavaScript Intermediate 5 min read

JSON Security Considerations

JSON Security

Never use eval() to parse JSON — it executes arbitrary code. Use JSON.parse(). Always validate and sanitize JSON from untrusted sources.

Example
// Constructed sample input standing in for JSON received from an untrusted source
const untrustedJson = '{"id": "42", "name": "alice", "role": "superuser"}';

// NEVER do this — eval executes any code in the JSON
const data = eval("(" + untrustedJson + ")"); // dangerous!

// Always use JSON.parse; it throws a SyntaxError on malformed input instead of running it
const safe = JSON.parse(untrustedJson);

// Sanitize after parsing: coerce each field to the type and range the
// application expects, and fall back to a safe default for anything else
function sanitizeUser(user) {
  if (user === null || typeof user !== "object" || Array.isArray(user)) {
    throw new TypeError("expected a JSON object");
  }
  const id = Number(user.id);
  if (!Number.isFinite(id)) {
    throw new TypeError("id must be numeric");
  }
  return {
    id:   id,                                         // Coerced to number
    name: String(user.name ?? "").slice(0, 100),      // Limit length
    role: ["user", "admin"].includes(user.role) ? user.role : "user", // Allow-list
  };
}

const user = sanitizeUser(safe); // { id: 42, name: "alice", role: "user" }
Pro Tip

JSON.parse is safe — it cannot execute code. Still validate the resulting data structure before using it.
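The following is an added example, not code from the original page. It puts the two rules above into one small pipeline: parse untrusted text with JSON.parse under a size limit and a try/catch, then validate the result against the shape the application expects, rejecting wrong types rather than silently coercing them. It goes a step beyond the page by also using a JSON.parse reviver to drop keys such as __proto__, so that an attacker-controlled object cannot later tamper with prototypes if it is merged into application objects. The MAX_BYTES value, the user schema and the SAMPLES inputs are all constructed for illustration.

```javascript
// Added example (not from the original page). MAX_BYTES, the user schema
// and the sample inputs below are constructed assumptions.

const MAX_BYTES = 64 * 1024; // assumed upper bound for an untrusted payload

// Keys that JSON.parse will happily create as own properties, but which can
// be abused if the parsed object is later merged into other objects.
const DANGEROUS_KEYS = new Set(["__proto__", "constructor", "prototype"]);

// Parse untrusted text: enforce a size limit, turn malformed JSON into an
// error value instead of an exception, and strip dangerous keys via reviver.
function parseUntrusted(text) {
  if (typeof text !== "string") {
    return { ok: false, error: "input is not a string" };
  }
  if (text.length > MAX_BYTES) {
    return { ok: false, error: "payload too large" };
  }
  try {
    const value = JSON.parse(text, (key, val) => {
      // Returning undefined from a reviver removes that property.
      if (DANGEROUS_KEYS.has(key)) return undefined;
      return val;
    });
    return { ok: true, value };
  } catch (err) {
    // JSON.parse never executes input; malformed text only raises SyntaxError.
    return { ok: false, error: "invalid JSON: " + err.message };
  }
}

// Validate the parsed value against the expected user shape. Unknown fields
// are dropped and wrong types are rejected rather than coerced.
function validateUser(input) {
  if (input === null || typeof input !== "object" || Array.isArray(input)) {
    return { ok: false, error: "expected an object" };
  }
  const { id, name, role } = input;
  if (!Number.isInteger(id) || id < 0) {
    return { ok: false, error: "id must be a non-negative integer" };
  }
  if (typeof name !== "string" || name.length === 0 || name.length > 100) {
    return { ok: false, error: "name must be 1-100 characters" };
  }
  const allowedRoles = ["user", "admin"];
  if (role !== undefined && !allowedRoles.includes(role)) {
    return { ok: false, error: "unknown role" };
  }
  return { ok: true, value: { id, name, role: role ?? "user" } };
}

// Full pipeline: untrusted text in, validated user object (or error) out.
function loadUser(text) {
  const parsed = parseUntrusted(text);
  if (!parsed.ok) return parsed;
  return validateUser(parsed.value);
}

// Constructed sample inputs covering the success path and the failure modes.
const SAMPLES = {
  good:     '{"id": 7, "name": "alice", "role": "admin", "extra": "ignored"}',
  badRole:  '{"id": 7, "name": "alice", "role": "superuser"}',
  notJson:  '{"id": 7, name: alice}',
  protoKey: '{"id": 1, "name": "bob", "__proto__": {"isAdmin": true}}',
  codeLike: '"alert(1)"',
};

if (typeof require !== "undefined" && require.main === module) {
  for (const [label, text] of Object.entries(SAMPLES)) {
    console.log(label, JSON.stringify(loadUser(text)));
  }
}
```

The codeLike sample shows the point of the Pro Tip: JSON.parse returns the string "alert(1)" as data and nothing runs, but the validator still rejects it because it is not the object the application expects.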