Safe Conversion Methods from Object Strings to JSON Strings in JavaScript

Problem Background and Challenges

In JavaScript development, there is often a need to convert strings describing objects into standard JSON format. This scenario typically occurs when processing data from external sources or legacy systems. The original strings may use JavaScript object literal syntax but do not comply with strict JSON specification requirements.

Core Solution: Combined Use of eval and JSON.stringify

When dealing with strings from trusted data sources, a combination of eval() and JSON.stringify() can be employed. The specific implementation is as follows:

var str = "{ hello: 'world', places: ['Africa', 'America', 'Asia', 'Australia'] }";
var json = JSON.stringify(eval("(" + str + ")"));

The key technical point here is that the string must be wrapped in parentheses before being passed to the eval() function. This is because in JavaScript syntax, when curly braces appear at the beginning of a statement, the parser interprets them as a code block rather than an object literal. By adding parentheses, we force the parser to evaluate the content as an expression, thus correctly recognizing it as an object.

Security Considerations and Risk Analysis

Although the eval() method can solve the problem, it must be used with caution. This method executes any JavaScript code passed to it, and if the string comes from an untrusted source, it may cause serious security vulnerabilities, such as code injection attacks. In practical applications, this method should be strictly limited to processing data from completely trusted sources only.

Detailed Explanation of JSON.stringify Method

The JSON.stringify() method is responsible for converting JavaScript values to JSON strings. This method automatically handles the following conversions:

• Wrapping object property names in double quotes
• Converting single quotes in string values to double quotes
• Correctly processing array and nested object structures
• Ignoring functions and undefined values

The converted result fully complies with JSON specifications and can be safely transmitted and parsed between different systems.

Best Practices: Generating Valid JSON from the Source

The most ideal solution is to ensure that the output conforms to JSON standards during the data generation phase. Especially in HTML data attribute usage scenarios:

<div data-object='{"hello":"world"}'></div>

In this way, JSON.parse() can be used directly for parsing without additional conversion steps:

var str = '{"hello":"world"}';
var obj = JSON.parse(str);

Related Technology Comparison

Compared to alternative solutions such as jQuery.parseJSON, native JSON.parse offers better performance and browser compatibility. It is important to note that these methods all require the input string to be valid JSON format and cannot directly process non-standard object literals.

Extended Practical Application Scenarios

When dealing with complex data structures, situations involving date objects or special characters may be encountered. The JSON specification requires dates to be represented as strings, which can be converted during parsing using a reviver function:

const obj = JSON.parse(text, function (key, value) {
    if (key == "birth") {
        return new Date(value);
    } else {
        return value;
    }
});

Summary and Recommendations

Although converting non-standard object strings through eval() is technically feasible, from the perspectives of security and code quality, it is recommended to ensure that the output conforms to JSON standards during the data generation phase. For cases where legacy data must be processed, the trustworthiness of the data source should be strictly verified, and safer alternatives such as specialized parsing libraries or custom parsing functions should be considered.