In JavaScript development, Eval is often used in dark areas to execute some code that is not intended to be seen by others.
However, Eval has dist...
For further actions, you may consider blocking this person and/or reporting abuse
That's only half-true. For example, JS itself will tell you it's true:
However, calling
eval
directly and callingwindow.eval
don't always give identical results. This is due to the special semantics of direct eval:Here's a more complete example:
you are right,professional enough.
Got to love how JavaScript can take forms which look more like cryptic magic spells than the actual code 🙃
JavaScript is cool,my favorite programming language.
So true 😂
you can prevent the accidential use of eval by overloading this function:
it's a good idea!
The lesson to learn here would be: anything could be an eval, cut and paste code carefully.
YES!
Eval is great fun, just be careful to never eval on user-supplied strings for security reasons. Even if you sanitize it, there are still likely holes. One of the safe-eval modules on NPM would be helpful if you need to do such a thing.
This is very true, even if you instantiate functions instead of eval, everything is a prototype with access to the Function constructor. Here is the most common occurrence I see.
then a user searches for something like this
eval is also a code smell. devs use it in frameworks and libraries to be clever, but there is no reason to use it. if you're making something to handle user input, you're better off writing a customer parser to handle your specific use case.
It is still not safe. You can use jspython interpreter (jspython.dev) for safe evaluation within JavaScript (browser or NodeJS)
Nice