Sean Busbey created ACCUMULO-4590: ------------------------------------- Summary: Use JSON.parse instead of eval on client side javascript Key: ACCUMULO-4590 URL: https://issues.apache.org/jira/browse/ACCUMULO-4590 Project: Accumulo Issue Type: Bug Components: monitor Affects Versions: 1.8.0, 1.7.2, 1.6.6, 2.0.0 Reporter: Sean Busbey
Right now we rely on "eval" to decode json results in the monitor display: [vis.js| https://github.com/apache/accumulo/blob/master/server/monitor/src/main/resources/web/vis.js#L85] {code} function handleNewData() { if (xmlhttp.readyState!=4) { return; } if (xmlhttp.status!=200 || xmlhttp.responseText==null) { xmlReturned = true; return; } var newstats = eval('(' + xmlhttp.responseText + ')'); {code} We should instead use JSON.parse -- This message was sent by Atlassian JIRA (v6.3.15#6346)