From 90a87c03b4943d75c24bc5e6246630231d12d933 Mon Sep 17 00:00:00 2001
From: John Resig <jeresig@gmail.com>
Date: Wed, 20 May 2009 21:28:48 +0000
Subject: [PATCH] Switched to using new Function instead of eval for handling
 JSON parsing (Fixes bug #4680). Added support for
 JSON.parse, if it exists (Fixes bug #4429).

---
 src/ajax.js       |   20 ++++++++++++++------
 test/unit/ajax.js |   19 +++++++++++++++++++
 2 files changed, 33 insertions(+), 6 deletions(-)

diff --git a/src/ajax.js b/src/ajax.js
index bffbeb6..4db08a4 100644
--- a/src/ajax.js
+++ b/src/ajax.js
@@ -481,24 +481,32 @@ jQuery.extend({
 			xml = type == "xml" || !type && ct && ct.indexOf("xml") >= 0,
 			data = xml ? xhr.responseXML : xhr.responseText;
 
-		if ( xml && data.documentElement.tagName == "parsererror" )
+		if ( xml && data.documentElement.tagName == "parsererror" ) {
 			throw "parsererror";
+		}
 
 		// Allow a pre-filtering function to sanitize the response
 		// s != null is checked to keep backwards compatibility
-		if( s && s.dataFilter )
+		if ( s && s.dataFilter ) {
 			data = s.dataFilter( data, type );
+		}
 
 		// The filter can actually parse the response
-		if( typeof data === "string" ){
+		if ( typeof data === "string" ) {
 
 			// If the type is "script", eval it in global context
-			if ( type == "script" )
+			if ( type === "script" ) {
 				jQuery.globalEval( data );
+			}
 
 			// Get the JavaScript object, if JSON is used.
-			if ( type == "json" )
-				data = window["eval"]("(" + data + ")");
+			if ( type == "json" ) {
+				if ( typeof JSON === "object" && JSON.parse ) {
+					data = JSON.parse( data );
+				} else {
+					data = (new Function("return " + data))();
+				}
+			}
 		}
 
 		return data;
diff --git a/test/unit/ajax.js b/test/unit/ajax.js
index 5a95921..fbff2d8 100644
--- a/test/unit/ajax.js
+++ b/test/unit/ajax.js
@@ -693,6 +693,25 @@ test("jQuery.getJSON(String, Function) - JSON object", function() {
 	});
 });
 
+test("jQuery.getJSON - Using Native JSON", function() {
+	expect(2);
+	
+	var old = window.JSON;
+	JSON = {
+		parse: function(str){
+			ok( true, "Verifying that parse method was run" );
+			return true;
+		}
+	};
+
+	stop();
+	jQuery.getJSON(url("data/json.php"), function(json) {
+		window.JSON = old;
+	  equals( json, true, "Verifying return value" );
+	  start();
+	});
+});
+
 test("jQuery.getJSON(String, Function) - JSON object with absolute url to local content", function() {
 	expect(2);
 
-- 
1.7.10.4