So yeah... JS Object is not the same as JSON.
Some libs or frameworks will want to add functions to the JS Object.
For example primevue has a menu structure with functions in the Object:
const items = {
label: 'New',
icon: 'pi pi-plus',
command: (event) => {
// event.originalEvent: Browser event
// event.item: Menuitem instance
}
}
;
Nice, but what if you want this data provided from DB via php...?
this works:
const func = 'items.command = function(event){ console.log(event) }'
eval(func)
So we could do something with this. This means doing something with the JSON when it is loaded into Javascript and turn some strings into functions with eval. This is of course a security risk. But somehow we'll need to change the JSON into a JS Object.
Better maybe is to not have info of the end platform in the DB. The solution I'm using is that I'm pre-defining what commands can be added to the JS Object and use codes to tell the reader what I want added.
switch (add) {
case '[login]':
items.command: () => {
auth.destroyToken()
this.$router.push({ name: 'login' })
}
break;
}
Not as "free", but for security that's a good thing.