From 076e3444b9973d431466f045705cc7871edec40f Mon Sep 17 00:00:00 2001 From: tmeissner Date: Mon, 25 Feb 2013 17:00:46 +0100 Subject: [PATCH] test to prevent the use of eval function by parsing and splitting the ajax response into an array --- scripts/haltestellen.js | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/scripts/haltestellen.js b/scripts/haltestellen.js index d1fb765..469c170 100644 --- a/scripts/haltestellen.js +++ b/scripts/haltestellen.js @@ -35,7 +35,7 @@ function ajaxCall(dataUrl, outputElement, callback) { if(request.readyState === 4 && request.status === 200) { //save ajax response - var response = eval(request.responseText); + var response = request.responseText; // check if callback is a function if(typeof callback === "function") { @@ -55,7 +55,14 @@ function ajaxCall(dataUrl, outputElement, callback) { console.log("anonymous function"); - //var wurst = [["13","Prohlis","754"],["13","Prohlis","754"],["13","Prohlis","754"],["13","Prohlis","754"]]; + /*var wurst = '[["13","Prohlis","754"],["13","Prohlis","754"],["13","Prohlis","754"],["13","Prohlis","754"]]'; + console.log(wurst); + //wurst = wurst.replace(/\[\[/gi, '['); + //wurst = wurst.replace(/\]\]/gi, ']'); + wurst = wurst.replace(/\],\[/gi, '#'); + wurst = wurst.slice(2,-2); + console.log(wurst); + console.log(wurst.split("#"));*/ // get the search form var searchForm = document.getElementById("search-form"); @@ -77,6 +84,10 @@ function ajaxCall(dataUrl, outputElement, callback) { ajaxCall(hstUrl, target, function(data) { + data = data.replace(/\],\[/gi, '#'); + data = data.slice(2,-2); + data = data.split("#"); + var i; var y; var htmlOutput;
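Review bot: With `eval` removed, `response` on the new line is the raw `responseText` string, so every callback handed to `ajaxCall` now receives text and has to parse it itself. Parsing once at this point keeps the old contract without executing the response: `var response = JSON.parse(request.responseText);`, wrapped in a `try`/`catch` so a malformed body is logged instead of throwing inside the ready-state handler. `JSON.parse` accepts only data, so a tampered response fails to parse rather than running as script. The rest of `ajaxCall` and any other callers lie outside this hunk and could not be checked.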
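Review bot: The added `/* … */` block in the second hunk is scratch code from the string-splitting experiment (`wurst`, three `console.log` calls, two `replace` lines that are themselves commented out) and nothing says why it is kept. It duplicates the three `data = …` lines added in the last hunk under another name, so the two will drift apart. I would drop the block, or reduce it to a single line such as `// response format: [["13","Prohlis","754"], …]` if the sample payload is worth recording.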
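Review bot: The three added `data = …` lines in the last hunk do not rebuild what `eval` used to return: after `split("#")` each element is one string such as `"13","Prohlis","754"` with the quotes still inside it, not an inner array, so if the loop below (outside the hunk) indexes `data[i][0]` it would get single characters. The splitter also breaks when a field contains `#`, when the server puts whitespace between `]` and `[`, and on an empty `[]` response, where `slice(2,-2)` leaves `""` and `split` returns one empty entry. Replacing the three lines with `data = JSON.parse(data);` restores the nested array without evaluating the response. If these values are later written into markup through `htmlOutput`, they should be escaped or assigned via `textContent`; that code is not visible here.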