0

Just playing around with a JSON array and wanted to know if it was possible to console log from directly within a JSON array. ie:

{ "id": "1", "type": "text", "description": "hello <script>console.log('console this text')</script> I am testing },

In the above example it will display the <script>console.log('console this text')</script> as text rather than as actual html. Any way to make this work to produce the message in console by placing it within the array?

Improve this question
8
  • Insert it into the DOM. Then it should get parsed and executed. Commented Aug 23, 2013 at 6:28
  • @Sirko: As in a document.write? Can you provide an example answer? Thanks Commented Aug 23, 2013 at 6:34
  • Probably this is what you are looking for stackoverflow.com/questions/510779/… Commented Aug 23, 2013 at 6:35
  • @RajaM: Thanks but doesn't quite tell me how to do it as per my example above :/ Commented Aug 23, 2013 at 6:38
  • @Dave I'd prefer to use some <div> in your document and then set innerHTML to the respective content. Commented Aug 23, 2013 at 6:43

2 Answers 2

Reset to default
1

That really depends on what you mean...

In straight JavaScript, you can use object notation in that way, but you really need to wrap it in a function call.

In addition to this, you are mixing javascript and loose text very badly... you really need to let the browser know which one you are using and when.

For example, those script tags? If you are already using JavaScript, then why tell the browser 'here is some script'?

With a little cleaning up:

var myObject = { 
    id: "1", 
    type: "text", 
    description: function(){console.log('console this text')}
}

myObject.description();

This is valid JavaScript and will run perfectly well in a browser if entered into the page this way.

However, I suspect that this isn't what you mean... what you intend to do is to pull this from an AJAX call, for example, and have it run arbitrary script within a browser.

That will not work.

JSON, used this way, is designed as a data format, and does not allow methods to be passed, only properties.

However, there are some uses where this type of behavior could be coaxed: LOOK HERE.

In short, ANY text, JSON or not, could be evaluated on a client system and could potentially run malicious code. This is very similar to security issues in PHP where poor programming practice allows the use eval and other exploits to run client fed code on the server.

This is why so many websites are neurotic in their scrubbing of any data which has been fed by an arbitrary user... scrubbing html tags and javascript code out of user comments, for example.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Thanks Steve, that makes perfect sense now!
Can you update your answer to show text before and after the function in "description"?
@Dave You mean to dump text onto the web page? No... not without a document.write() or similar. In this case, it is pure JavaScript, so raw text is not displayed as it would be in HTML, its instead handled as an error. Imagine the above code placed between your script tags, for example, or loaded into an external script file. It isn't interpreted as HTML at all.
0

You can try using a self invoking function.

var obj = {
'a' : '1',
'b' : '2',
'c' : (function(){console.log('3')})()
}
Improve this answer

2 Comments

What about text before and after the function?
You can't do it. it just runs automatically when declared

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.