12

On the surface it appears that Python uses JSON natively. The only exception I can think of is the fact that JSON can store JS functions.

Here's my issue: I need to pass JSON to a Python file through the terminal.
Why should or shouldn't I just use eval()?

Stephen
  • "it appears that python uses json natively"? Since there's a separate `json` library, I don't get this statement at all. It seems like a separate library would indicate that JSON is not a first-class part of Python's syntax. – S.Lott Apr 07 '11 at 18:07
  • Really the question should be something like 'What is the difference between python object literal syntax and JSON?'. Also, don't use eval - http://stackoverflow.com/a/1832957/397719 – SpacedMonkey Mar 27 '13 at 14:43
  • I appreciate your answer @SpacedMonkey. I watched a presentation by a guy at Twitter (I believe) discuss how JSON.parse() falls back to eval in some situations and how rules of thumb are only rules of thumb. But for someone like me who doesn't want to investigate all the eery details, not using eval is the right way to go. – Stephen Mar 27 '13 at 18:22
  • I'm not sure exactly what "pass json to a python file through the terminal" means in this case, but if you don't control the string you `eval` you might make yourself vulnerable to [code injection](https://en.wikipedia.org/wiki/Code_injection). – HelloGoodbye Sep 01 '17 at 08:12

2 Answers

27

No, Python does not use JSON natively. This stuff you think is JSON is, in fact, a dictionary, one of many kinds of objects in Python. The (easy) syntax for building a dictionary in Python is pretty close to JSON, but that is incidental. Just as you can create a dictionary this way:

    a = {'a': 2, 'b': 3}

you can create it this way, too:

    a = dict([('a', 2), ('b', 3)])

So, why are the syntaxes so similar? Well, JSON syntax is inspired by JavaScript syntax for arrays. It is likely that the JavaScript syntax also inspired the way Python dictionaries are written or vice versa. But never assume these three syntaxes – JavaScript, JSON and Python dicts – to be the same or interchangeable.

Given that, why should you not use eval() to convert JSON into a dictionary? Firstly, because eval() can do anything in Python – such as exiting the program, removing a file, changing some internal data etc. etc. Hence, by using eval(), you might make yourself vulnerable to code injection, depending on how you use it. Also, using eval() for converting JSON to a dict assumes the syntaxes of both are identical – which is not necessarily true; even if the syntaxes were identical, they might not be in the future. Finally, there is a much better and more practical way to parse JSON: the json module:

    >>> import json
    >>> json.loads('{"a":1}')
    {'a': 1}

Use it to parse your JSON.

Good luck!

HelloGoodbye
brandizzi
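The following is an added example, not part of the original answers: it parses a JSON string passed on the command line with `json.loads` and, for three constructed inputs, records what `eval()` would do with the same text. The function names, the sample strings and the `canary` list are assumptions made for illustration.

```python
import json
import sys

def parse_json_arg(text):
    """Parse untrusted JSON text; return (value, None) or (None, error message)."""
    try:
        return json.loads(text), None
    except json.JSONDecodeError as exc:
        return None, f"invalid JSON: {exc.msg} (line {exc.lineno}, column {exc.colno})"

def eval_outcome(text, canary):
    """Report what eval() does with the same text; 'canary' is reachable from it."""
    try:
        return repr(eval(text, {"canary": canary}))
    except Exception as exc:
        return type(exc).__name__

# Constructed sample inputs (not taken from the page).
SAMPLES = [
    '{"ok": true, "tags": null}',   # valid JSON; true/null are not Python names
    "{'a': 2, 'b': 3}",             # Python dict literal; single quotes are not JSON
    'canary.append("ran") or {}',   # an expression with a harmless side effect
]

def compare(samples=SAMPLES):
    """Return rows of (text, parsed value, json error, eval outcome) and the canary."""
    canary = []
    rows = []
    for text in samples:
        value, err = parse_json_arg(text)
        rows.append((text, value, err, eval_outcome(text, canary)))
    return rows, canary

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Usage: python script.py '{"a": 1}'
        value, err = parse_json_arg(sys.argv[1])
        if err:
            sys.exit(err)          # message goes to stderr, exit status 1
        print(value)
    else:
        rows, canary = compare()
        for text, value, err, evaluated in rows:
            print(f"{text!r}\n  json.loads: {value if err is None else err}"
                  f"\n  eval:       {evaluated}")
        print("side effects left by eval:", canary)
```

The third sample is rejected by `json.loads` as malformed input, while `eval()` runs it and leaves an entry in `canary`, which is the code-injection risk the answer describes.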
18

JSON does not have objects per se, and cannot store JavaScript functions. Its syntax may appear similar to JavaScript literals, but trying to use it as such all the time will cause nothing but pain.

And there should be no need to use eval(); both JavaScript and Python have JSON parsers and serializers readily available.

Ignacio Vazquez-Abrams