Last modified: 2008-04-05 18:54:12 UTC
It would be enormously useful to be able to use square brackets in JSON callbacks, like so: &callback=foo[4] ... or like so: &callback=foo%5B4%5D Thanks very much!
(In reply to comment #0) > It would be enormously useful to be able to use square brackets in JSON > callbacks, like so: > > &callback=foo[4] How in the name of hell can foo[4] (an array element) be a valid JavaScript function? Do you have an array of functions? An array of function pointers? Is that even *possible* in JavaScript? Closing as INVALID for now.
Yes, that's entirely possible in JavaScript. I can't say I'd recommend it for readability purposes, though. :)
Functions can be members of arrays, and their indices are available inside; this comes in handy when you need to know which of many possible responses to an API query you're looking at. Vital for Web apps that might make more than one query to the same API before reloading the page. Here is some generic code: // create an empty array: var ping = []; // after you've recieved a value for myQuery, create a function to receive results: var n = ping.length; ping[n] = function(result) { if (result.totalResultsAvailable) { alert('Results found: ' + result.totalResultsAvailable); } else { alert('Nothing found, sorry!'); } var s = document.getElementById(ping[n]); if (s !== 'undefined') { s.parentNode.removeChild(s); } delete ping[n]; }; // create an API call var myCallback= 'ping[' + n + ']'; var url = 'http://your.api.com/?callback=' + myCallback + '&query=' + myQuery; var s = document.createElement('SCRIPT'); s.id = callback; // append a script node with the call document.getElementsByTagName('BODY')[0].appendChild(s); I have a presentation online here: http://kentbrewster.com/wiki-widget ... that shows this technique in use, if you're interested.
Creeeeeepy... :D
Even then, can't use just do var myFunc = funcArr[n]; and use myFunc() as a callback?
Does this introduce security problems? Do we need to check whether the callback is valid JS?
Roan: yes, but you still need to pass n to funcArr[n], right? Or am I missing something? Bryan: it's probably already been taken care of in your filtering. As long as you're only allowing integers between those square brackets, you're fine. If you look at http://developer.yahoo.com/common/json.html, you'll see that one of the world's biggest providers of API data does this with all their calls; so far, nothing bad has happened.
That basically means that we would have to drop the filtering that is done on the callback parameter. No problems with that as far as I can see. Brion?
Well, I might recommend a basic sanity check; returning completely arbitrary input might be used to generate special file download links, say a big ol' EXE file with some junk JSON at the end. :)
I'm gonna look into this some time this week.
Fixed in r32822: Extended allowed characters in JSON callback to ][.'"_A-Za-z0-9
