diff --git a/assets/scripts/modaldialog.js b/assets/scripts/modaldialog.js
index 1043126779e..f5552ef12ea 100644
--- a/assets/scripts/modaldialog.js
+++ b/assets/scripts/modaldialog.js
@@ -103,7 +103,10 @@ function displayUploadedFiles(jsonstring, filecount, fieldname, show_title, show
 
     if (jsonstring !== '')
     {
-        jsonobj = eval('(' + jsonstring + ')');
+        var jsonobj = '';
+        try{
+            jsonobj = JSON.parse(jsonstring);
+        } catch(e) {}
         display = '<table width="100%" class="question uploadedfiles"><thead><tr><td width="20%">&nbsp;</td>';
         if (show_title != 0)
             display += '<th>'+uploadLang.headTitle+'</th>';
diff --git a/assets/scripts/uploader.js b/assets/scripts/uploader.js
index 94b0c6bc341..fa3253dc543 100644
--- a/assets/scripts/uploader.js
+++ b/assets/scripts/uploader.js
@@ -38,7 +38,10 @@ function doFileUpload()
     if (filecount > 0)
     {
         var jsontext = window.parent.window.$('#' + fieldname).val();
-        var json = eval('(' + jsontext + ')');
+        var json = '';
+        try{
+            json = JSON.parse(jsontext);
+        } catch(e) {}
         if ($('#field' + fieldname + '_listfiles').length == 0)
         {
             $("<ul id='field" + fieldname + "_listfiles' class='files-list' />").insertAfter("#uploadstatus");