up vote 0 down vote favorite

I use the JavaScriptSerializer class of ASP.net to serialize my object and return it to the client side. How can I deserialize the string using JavaScript?

share|improve this question
95% accept rate
Obligatory link: json.org – pst Jan 21 '11 at 4:53
"JSON Object" is kind of an oxymoron. It's either an object, or a JSON string. Both not both at the same time. – Ates Goral Jan 21 '11 at 5:11
feedback

4 Answers

up vote 6 down vote accepted

If you're using jQuery already, you'll be happy to know that you can parse a JSON string with jQuery.parseJSON.

If you aren't using jQuery and don't want to, you can always use the wonderful JSON.parse or json_parse, written by none other than Douglas Crockford himself.

I would avoid eval() if it isn't necessary.

share|improve this answer
+1 because ... 1) Someone else has already solved this problem 2) Someone else has already solved this problem in a good way. – pst Jan 21 '11 at 4:55
Except that jQuery.parseJSON() doesn't serialize .Net DateTime objects into jscript date objects. Instead they're simply deserialized to strings. – jlafay Sep 13 at 15:26
feedback
up vote 3 down vote

I am going to propose ... do nothing. This assumes the serialized result is returned with the page and/or an additional HTML fragment.

// In some JavaScript area somewhere in the ASP page
var myObject = <%= JSONIfiedObjectResult %>;

This works and is valid because JSON is a subset of JavaScript literals. Note that I did not put quotes around the <%= %>.

If the de-serialization is the result on an AJAX call returning JSON, etc, then see Zack's answer.

share|improve this answer
feedback
up vote 0 down vote

Pretty trivial -- just do

var x = eval(theString);

which should get everything except ASP.Net's unique serialization of DateTime, which is not supported by "real" JSON and is an ASP.Net extension. To use ASP.Net's deserializer, make sure you include an <asp:ScriptManager> tag in your page, and call

var x = Sys.Serialization.JavaScriptSerializer.deserialize(theString);

which will invoke the special Date handling and probably get you better security.

share|improve this answer
-1 Use of eval without showing alternative. – pst Jan 21 '11 at 4:57
@pst What? The alternative is there -- and if you use that alternative you get Date handling thrown in. – Jeffrey Hantin Jan 21 '11 at 5:16
feedback
up vote 0 down vote

Pretty standard, not so safe:

eval('(' + json + ')');

Kind of cool thing that jQuery does, still not very safe:

(new Function('return ' + json))();
share|improve this answer
So what would a "good, safe" approach be? – pst Jan 21 '11 at 4:55
-1 Use of eval without showing alternative. – pst Jan 21 '11 at 4:56
@pst Using window.JSON.parse and never working with IE 6 or 7. – sdleihssirhc Jan 21 '11 at 4:59
feedback

Your Answer

 
or
required, but never shown
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.