Prototype JavaScript Framework | Introduction to JSON

String#evalJSON takes an optional sanitize parameter, which, if set to true, checks the string for possible malicious attempts and prevents the evaluation and throws a ... You should always set the sanitize parameter to true and an appropriate content-typ

prototypejs.org