How to De-Stringify Stringified JavaScript?

Question

How to 'de-stringify' JavaScript code that has been stringified? JSON.parse does not seem to work. We want to store JavaScript code in the database and then retrieve it and then eval it. Here's the code in the database:

//# sourceURL=journal.js

function onBlur(e) {

    var drAmount = script.getGridRowFieldValue('debitamount', e.rowuid)
    var crAmount = script.getGridRowFieldValue('creditamount', e.rowuid);

    // Prevent both debit and credit from having values.      
    if (drAmount != undefined && crAmount != undefined) {

        if (e.fieldname == 'debitamount') {
            script.setGridRowFieldValue('creditamount', e, undefined)
        } else if (e.fieldname == 'creditamount') {
            script.setGridRowFieldValue('debitamount', e, undefined)
        }

    }
}

Here's what's returned:

"//# sourceURL=journal.js\r\n\r\nexport function onBlur(e) {\r\n\r\n var drAmount = script.getGridRowFieldValue('debitamount', e.rowuid)\r\n var crAmount = script.getGridRowFieldValue('creditamount', e.rowuid);\r\n\r\n // Prevent both debit and credit from having values. \r\n if (drAmount != undefined && crAmount != undefined) {\r\n\r\n if (e.fieldname == 'debitamount') {\r\n script.setGridRowFieldValue('creditamount', e, undefined)\r\n } else if (e.fieldname == 'creditamount') {\r\n script.setGridRowFieldValue('debitamount', e, undefined)\r\n }\r\n\r\n }\r\n}\r\n\r\n\r\n\r\n\r\n"

Javascript is not JSON. It would be very strange if `JSON.parse()` helped you here. The [`eval()`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval) function is what you want, but be *very* careful not to `eval()` any "outside" code. There's a reason (more than one) that `eval()` is *not* a generally-recommended practice. — Paul Roub, Apr 27 '15 at 18:46
There's actually another issue beyond eval. In your returned minified block, I see terms like `export function onBlur`. That's not pure JavaScript - it might be part of some intermediary language like TypeScript or some ES6-inclusive compiler. — Katana314, Apr 27 '15 at 18:51

ekuusela · Answer 1 · 2015-04-28T09:20:16.200

2

See eval. It accepts a string as a parameter, you could just pass that string into it and it should work.

Also, please read and understand the warnings mentioned by others and in the documentation I linked to.

edited Apr 28 '15 at 09:20

answered Apr 27 '15 at 18:47

ekuusela

5,034
1
25
43

Totally and completely understand the risks! – A2MetalCore Apr 27 '15 at 19:07

score 1 · Accepted Answer · answered Apr 27 '15 at 18:49

1

You should try to extract your object's behaviour from it's data. It's generally a bad thing to use eval, specially if you can't trust the string you are parsing. You should store the data as json, and the functions that consume the data should be static and be added to your object via prototype or something like that.

answered Apr 27 '15 at 18:49

Luan Nico

5,376
2
30
60

The entire product is customizable via JavaScript. Companies like ServiceNow and NetSuite use similar techniques. The risks are manageable. – A2MetalCore Apr 27 '15 at 19:09
In that particular case then, if there is no way to 'standarize' the functions, `eval` might be your friend :) – Luan Nico Apr 27 '15 at 19:19

score 0 · Answer 3 · edited May 23 '17 at 11:50

0

You should not JSON.stringify javascript code, only javascript data objects.

See this JSON.stringify function

Save the code as a string on your database. You might want to obfuscate your code. How can I obfuscate (protect) JavaScript?

edited May 23 '17 at 11:50

Community

1
1

answered Apr 27 '15 at 18:51

Peheje

12,542
1
21
30

The REST API stringified the data. – A2MetalCore Apr 27 '15 at 19:11

How to De-Stringify Stringified JavaScript?

3 Answers3