本文探讨了JavaScript中eval()函数的使用,揭示了它如何动态执行代码并可能带来的安全风险。通过实例展示了eval()在前台交互中的巧妙运用,同时提醒开发者注意其潜在的安全问题。
前台:
$("#BtnShowChart").click(function () {
$("#content").css('display', 'none');
var queryParas = {};
queryParas.dateyear = $("#DDL_Year").val();
queryParas.datasourcetype = $("#DDL_DataType").val();
$.get('GetChartData.aspx', queryParas, function (data) {
if (data == "") {
alert("查询不到数据!");
return false;
}
var dataGet = eval(data);
showChart(dataGet.xAxis, dataGet.yAxis);
});
});后台:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using XXXXX;
using System.Text;
namespace XXXXXXX
{
/// <summary>
/// 获取 图表数据
/// </summary>
public partial class GetChartData : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
if (string.IsNullOrWhiteSpace(Request.QueryString["dateyear"]) || string.IsNullOrWhiteSpace(Request.QueryString["datasourcetype"]))
{
Response.Write("");
Response.End();
}
string dateYear = Request.QueryString["dateyear"].ToString();
string dataSourceType = Request.QueryString["datasourcetype"].ToString();
Monitoring mon = new Monitoring();
DataTable dt = mon.GetASDataNew(dateYear, int.Parse(dataSourceType));
if (dt.Rows.Count > 0)
{
StringBuilder sbXaxis = new StringBuilder();
StringBuilder sbYaxis = new StringBuilder();
foreach (DataRow row in dt.Rows)
{
sbXaxis.AppendFormat("'{0}'",row["CityName".ToUpper()].ToString());
sbXaxis.Append(",");
if (string.IsNullOrWhiteSpace(row["KH"].ToString()))
{
sbYaxis.Append("0");
}
sbYaxis.AppendFormat("{0}", row["KH".ToUpper()].ToString());
sbYaxis.Append(",");
}
Response.Write("({\"xAxis\":["+sbXaxis.ToString().TrimEnd(',')+"],\"yAxis\":["+sbYaxis.ToString().TrimEnd(',')+"]})");//注意中括号后面还有一双小括号
}
else
{
Response.Write("");
}
Response.End();
}
}
}
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
