使用JSON.stringify在eval上下文中转义字符串 [英] Escape string in eval context with JSON.stringify

问题描述

首先:我知道有很多与转义有关的问题，但是到目前为止，我还没有找到一个普遍可行的答案.假设我有这个简单的玩具功能用于演示:

First of all: I know that there are many questions related to escaping, but I did not found a generally working answer so far. Say I have this simple toy function for demonstration:

function f(somePOJO) {
  var s = eval("'" + JSON.stringify(somePOJO) + "';"); // for demonstration only
  return JSON.parse(s);
}
const clone = f({a: 1, b: "c"});

给出对象文字，例如 {a:1，b:"c"} (a POJO)， f 应该返回"clone".它的.(请注意，我并没有真正使用这种方法进行克隆或类似操作，而且我知道 eval 是邪恶的，而且这里甚至不需要它，这只是为了演示逃避问题！)

Given an object literal such as {a: 1, b: "c"} (a POJO), f should return a "clone" of it. (Note that I do not really use this approach for cloning or similar, and I am aware that eval is evil and also that it is not even needed here, it's just for demonstration of the escaping problem!)

这很好用，但前提是POJO值不包含'.现在当然可以使用 JSON.stringify(somePOJO).replace(/'/g，``\\''')之类的东西来转义JSON了.如果POJO值包含'，则有效，但如果POJO值包含 \\'，则无效.这就形成了逃逸的螺旋……

This works fine, but only as long as the POJO values do not contain a '. Now of course I could escape the JSON by using something like JSON.stringify(somePOJO).replace(/'/g, "\\'"). This works if the POJO values contain ', but not if they contain \\'. And this creates a spiral of escaping...

这是否有解决方案?

推荐答案

转义函数，通过 eval 函数，JavaScript编译器(在某些情况下)或 JSON.parse 函数实际上是 JSON.stringify .这种 JSON 方法将愉快地对字符串值进行字符串化，而不仅仅是对象数据类型.

The escape function to preserve a JSON string through being evaluated by the eval function, the JavaScript compiler under some circumstances or by the JSON.parse function is actually JSON.stringify. This JSON method will happily stringify string values, not just object data types.

function f(somePOJO) {
  var s = eval( JSON.stringify(JSON.stringify(somePOJO)) );
  return JSON.parse(s);
}
const obj = {a: 1, b: "c", d: "back\\, forward/"}
const clone = f(obj);
console.log(obj);
console.log(clone);

它不是 escape/encodeURI/encodeURIComponent 函数家族之一的原因是，这些函数用于转义包含在URL中的字符，而本例是关于转义要由JavaScipt解析器解析的字符

The reason it's not one of the escape/encodeURI/encodeURIComponent family of functions is that these are for escaping characters for inclusion in URLs whereas this case is about escaping characters to be parsed by a JavaScipt parser.

在大多数情况下，尤其是要使用 JSON.parse 解析JSON文本，第二次对JSON文本进行字符串化并将其解析两次是完全没有必要的.

In most cases, particularly to parse JSON text using JSON.parse, stringifying JSON text a second time and parsing it twice is simply unnecessary.

现在有点学术兴趣，但是在将 JSON 引入Javascript之前，可以通过依次检查字符串的字符并使用反斜杠转义反斜杠，至少一种引号和Unicode转义来对字符串进行字符串化控制代码-发布的问题可能缺少需要转义反斜杠字符和引号的部分.

Of somewhat academic interest now but before the introduction of JSON into Javascript, one could stringify a string by serially inspecting its characters and backslash escaping backslashes, at least one kind of quote marks, and unicode escaping control codes - the posted question may be missing the part about needing to escape backslash characters as well as quote marks.

这篇关于使用JSON.stringify在eval上下文中转义字符串的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！