Pros and cons of using secureEvalJson over evalJson

When should I consider using

secureEvalJSON: Converts from JSON to Javascript, but does so while checking to see if the source is actually JSON, and not with other Javascript statements thrown in.

evalJSON: Converts from JSON to Javascript, quickly, and is trivial.

Can you show me an example where secureEvalJSON is beneficial over evalJSON?

What are the implications on the performance of using secureEvalJSON?

More details about this API can be found at: http://code.google.com/p/jquery-json/


Consider

{"test"  : "some_value",
 "test1" : "some_other_value",
 "test2" : alert("Hi, I'm code that is getting executed!")
}

the simple method will simply evaluate this using normal JavaScript (as if it were a plain object, which it is), and execute the alert() command in the process.

The secure method will (presumably) remove the alert().

The secure method would be preferable e.g. when you're receiving code from an untrusted source, to prevent that source from running code in the current user's and page's context.
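The difference described in the answer above, as an added example that is not part of the original post and is not jquery-json's own source. It assumes the "secure" conversion is a json2.js-style validate-then-eval check, which rejects non-JSON input with an error; `naiveEvalJson`, `checkedEvalJson` and `alertStub` are hypothetical names, and `alertStub` stands in for `alert()` so the side effect can be counted.

```javascript
// Added example; all names are hypothetical and the payload is constructed.
let executed = 0;
function alertStub(msg) { executed += 1; return msg; } // stand-in for alert()

// The object from the answer, with alert() swapped for the countable stub.
const PAYLOAD = `{"test"  : "some_value",
 "test1" : "some_other_value",
 "test2" : alertStub("Hi, I'm code that is getting executed!")}`;

// Plain conversion: the source is evaluated as a JavaScript expression,
// so any call embedded in it runs in the page's context.
function naiveEvalJson(src) {
  return eval('(' + src + ')');
}

// Validate-then-eval (json2.js style): collapse every legal JSON token to ']'
// and refuse the input unless only JSON punctuation is left over.
function checkedEvalJson(src) {
  const filtered = src
    .replace(/\\["\\\/bfnrtu]/g, '@')                       // escape sequences
    .replace(/"[^"\\\n\r]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g, ']')
    .replace(/(?:^|:|,)(?:\s*\[)+/g, '');                   // array openers
  if (!/^[\],:{}\s]*$/.test(filtered)) {
    throw new SyntaxError('source is not valid JSON');      // identifiers, calls, ...
  }
  return eval('(' + src + ')');
}

// Runs both conversions on the payload and reports what happened.
function demo() {
  const before = executed;
  let rejected = false;
  try { checkedEvalJson(PAYLOAD); } catch (e) { rejected = e instanceof SyntaxError; }
  const ranDuringChecked = executed - before;
  naiveEvalJson(PAYLOAD);
  const ranDuringNaive = executed - before - ranDuringChecked;
  return { rejected, ranDuringChecked, ranDuringNaive };
}

console.log(demo());
```

The cost of the checked version is three extra regular-expression passes over the input before the `eval`. Where the runtime provides `JSON.parse`, it rejects the same payload without evaluating anything.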
