Note: this page is a Chinese/English side-by-side translation of a popular StackOverflow question, licensed under CC BY-SA 4.0. If you reuse it you must follow the same CC BY-SA licence, cite the original URL and author information, and attribute it to the original authors (not me). StackOverflow original: http://stackoverflow.com/questions/29243854/

Date: 2020-08-23 03:02:08  Source: igfitidea

Difference between angular.fromJson and $scope.$eval when applied to JSON string

Tags: javascript, json, angularjs

Asked by Manube

In my angularjs apps, I usually parse a JSON string by using angular.fromJson, like so:


var myObject = angular.fromJson(jsonString); // the API is angular.fromJson; angular.fromJSON is undefined

However, it seems that I would obtain the same result by using $scope.$eval:


var myObject=$scope.$eval(jsonString);

See this fiddle


Or by using vanilla javaScript, like so:


var myObject=JSON.parse(jsonString);

  • Is there any particular reason to use angular.fromJSON rather than JSON.parse?

  • Is there any possible issue when using $scope.$eval to parse a JSON string?


Answered by bvaughn

Check out the source code:


function fromJson(json) {
  return isString(json)
      ? JSON.parse(json)
      : json;
}

They're just passing through to JSON.parse.


As for $eval, it shells out to $parse:


  // $scope.$eval source:
  $eval: function(expr, locals) {
    return $parse(expr)(this, locals);
  },

$parse source is too long to post, but it is essentially capable of converting inline (stringified) objects to real Objects, and so it makes sense that in this case it will actually convert your JSON as well.


(I did not know this until reading through the $parse source just now.)


Is there any particular reason to use angular.fromJSON rather than JSON.parse?


Nope, not really. Although they do check for you to ensure that you don't double-parse a JSON string, like so:


var jsonString = '{"foo":"bar"}';
var json = JSON.parse(jsonString); // Parsing once is good :)
JSON.parse(json); // Parsing twice is bad :(

Is there any possible issue when using $scope.$eval to parse a JSON string?


I don't think so off the top of my head, other than that you're doing more work than is necessary. So if you know you have JSON, there's no reason to use the heavier $parse function.


Answered by 00dani

The above answer is almost correct. However, there is a potential issue with using $scope.$eval() to parse a JSON string, which does not exist with either JSON.parse() or angular.fromJson(): security. Angular allows an expression to contain complex JavaScript including function calls, conditionals with ?:, variable assignments, and so on. All of these are recognised and processed if you use $scope.$eval(), even if they were added by a malicious end-user.


JSON does not support any of those more complex JavaScript features, nor anything else potentially "dangerous". If you use a true JSON parser like JSON.parse() or angular.fromJson(), there is no chance of malicious code being injected and executed.


Since Angular expressions are isolated and evaluate only in the current $scope, the risk of code injection is somewhat mitigated - $scope.$eval() is far less dangerous than JavaScript's native eval() for parsing JSON. However there is still no reason to use either function for this purpose, since there is a potential security risk and using a proper JSON parser is likely to be faster.

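As an added example that is not part of the original question or either answer, the following JavaScript contrasts a strict JSON parser with expression-style input: it re-implements the angular.fromJson string guard quoted in bvaughn's answer (so the double-parse case is harmless) and checks that every constructed input using the expression syntax 00dani lists (unquoted keys, arithmetic, conditionals, assignments, function calls) is rejected by JSON.parse. The helper names parseJsonSafely and countRejected and all sample strings are my own assumptions; it runs in Node without AngularJS.

```javascript
// Added example (not from the original question or answers): a strict JSON
// parsing helper modelled on angular.fromJson's string guard, plus a check
// showing which inputs a real JSON parser rejects. The sample inputs below
// are constructed for this demonstration.

function isString(value) {
  return typeof value === 'string';
}

// Mirrors the angular.fromJson guard quoted above: non-strings pass through
// untouched, so parsing an already-parsed object does not throw.
function fromJson(json) {
  return isString(json) ? JSON.parse(json) : json;
}

// Parse untrusted text as JSON, never as an expression. Returns a result
// object instead of throwing so callers can log and reject bad input.
function parseJsonSafely(text) {
  try {
    return { ok: true, value: JSON.parse(text) };
  } catch (err) {
    // JSON.parse only throws SyntaxError; anything else is unexpected.
    if (!(err instanceof SyntaxError)) throw err;
    return { ok: false, error: err.message };
  }
}

// Constructed inputs: one real JSON document and several strings that are
// valid Angular expressions (or plain JavaScript) but not JSON. A true JSON
// parser must reject every one of the latter.
const REAL_JSON = '{"foo":"bar","n":[1,2,3]}';
const NOT_JSON = [
  "{foo: 'bar'}",        // unquoted key, single quotes: expression syntax
  '{"a": 1 + 1}',        // arithmetic
  '{"a": b ? 1 : 2}',    // conditional
  '{"a": x = 1}',        // assignment
  '{"a": fn()}',         // function call
];

// Returns how many of the given inputs a strict JSON parser rejects.
function countRejected(inputs) {
  return inputs.filter((s) => !parseJsonSafely(s).ok).length;
}

console.log(parseJsonSafely(REAL_JSON).value.foo);                 // "bar"
console.log(countRejected(NOT_JSON), 'of', NOT_JSON.length, 'rejected');
console.log(fromJson(fromJson(REAL_JSON)).n.length);                // 3: double parse is harmless
```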