[ https://issues.apache.org/jira/browse/ACCUMULO-4590?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15876205#comment-15876205 ]
Sean Busbey commented on ACCUMULO-4590:
---------------------------------------

browser coverage for switching to JSON.parse:

* http://caniuse.com/#search=JSON.parse
* https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/JSON

Looks good enough to just use it directly rather than install one of the third party fall-back mechanisms.

> Use JSON.parse instead of eval on client side javascript
> --------------------------------------------------------
>
> Key: ACCUMULO-4590
> URL: https://issues.apache.org/jira/browse/ACCUMULO-4590
> Project: Accumulo
> Issue Type: Bug
> Components: monitor
> Affects Versions: 1.6.6, 1.7.2, 1.8.0, 2.0.0
> Reporter: Sean Busbey
> Labels: security
>
> Right now we rely on "eval" to decode json results in the monitor display:
> [vis.js|https://github.com/apache/accumulo/blob/master/server/monitor/src/main/resources/web/vis.js#L85]
> {code}
> function handleNewData() {
>   if (xmlhttp.readyState!=4) {
>     return;
>   }
>   if (xmlhttp.status!=200 || xmlhttp.responseText==null) {
>     xmlReturned = true;
>     return;
>   }
>   var newstats = eval('(' + xmlhttp.responseText + ')');
> {code}
> We should instead use JSON.parse

--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
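The difference between the two decoders discussed in this issue, as an added example that is not part of the original message or of Accumulo's code. The function names, the JSON field names and both sample payloads are constructed for illustration; the real monitor response format is not shown on this page.

```javascript
// Added example, not Accumulo's code. Names and payloads below are constructed.

// The pattern quoted in the issue: the response body is executed as JavaScript.
function legacyDecode(responseText) {
  return eval('(' + responseText + ')');
}

// The proposed replacement: the body is treated strictly as data.
// Anything that is not well-formed JSON is rejected instead of being run.
function decodeStats(responseText) {
  if (typeof responseText !== 'string' || responseText.length === 0) {
    return { ok: false, error: 'empty response' };
  }
  try {
    const value = JSON.parse(responseText);
    // The caller expects an object of stats, so reject bare scalars and null.
    if (value === null || typeof value !== 'object') {
      return { ok: false, error: 'unexpected JSON type' };
    }
    return { ok: true, stats: value };
  } catch (e) {
    if (e instanceof SyntaxError) {
      return { ok: false, error: 'invalid JSON' };
    }
    throw e;
  }
}

// Runs both decoders over a well-formed body and over a body that contains
// an expression. The expression only flips a flag so the effect is observable.
function compare() {
  const valid = '{"servers": [{"name": "tserver1", "ingest": 42}]}';
  const notJson = '{"servers": [], "probe": (globalThis.evalProbeRan = true)}';

  globalThis.evalProbeRan = false;
  const legacy = legacyDecode(notJson);
  const ranUnderEval = globalThis.evalProbeRan;

  globalThis.evalProbeRan = false;
  const strict = decodeStats(notJson);
  const ranUnderParse = globalThis.evalProbeRan;

  return { good: decodeStats(valid), legacy, ranUnderEval, strict, ranUnderParse };
}
```

In a handler shaped like the quoted `handleNewData`, a result with `ok: false` would take the same early-return path as a non-200 status.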