Thursday 28 February 2013

JavaScript : eval() function


Description

The eval function is used to execute JavaScript source code.

Syntax

eval(expr)

Parameters

expr :
The expr is a string representing a JavaScript expression, statement, or sequence of statements. The expression can include variables and properties of existing objects. Do not call eval to evaluate an arithmetic expression such as 5 * 9 + 5 - 4, since JavaScript evaluates arithmetic expressions directly. Note that the expr argument is optional: if no argument is given, eval returns undefined.

Do not use eval()

eval() is slow and prone to security problems, so its use is not recommended. Here is why:
i) Code passed to eval is executed with the privileges of the caller. So if the string passed to eval can be influenced by a malicious party, that party's code runs on the user's machine with your website's privileges.
ii) Malicious code can inspect the scope in which eval was called, which in turn may raise security threats.
iii) eval has to invoke the JS interpreter on the string, which makes it slow.

Example 1 of the eval() function

The following example shows how to use the eval() function.
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<title>JavaScript: eval function example-1</title>
</head>
<body>
<h1 style="color: red">JavaScript eval() function example-1</h1>
<hr />
<script type="text/javascript">
//This is done to make the following JavaScript code compatible with XHTML.
//<![CDATA[
// Declare the variables inside the evaluated string so eval does not create implicit globals.
eval("var language = 78; var math = 89; var science = 90; document.write('Total marks : ' + (language + math + science));");
//]]>
</script>
</body>
</html>

Example 2 of the eval() function

Here is another example of the eval() function.
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<title>JavaScript: eval function example-2</title>
</head>
<body>
<h1 style="color: red">JavaScript eval() function example-2</h1>
<hr />
<script type="text/javascript">
//This is done to make the following JavaScript code compatible with XHTML.
//<![CDATA[
// The string holds a complete statement; eval parses and runs it.
var x = "alert('We are learning JavaScript eval() function.')";
eval(x);
//]]>
</script>
</body>
</html>

Alternatives to eval

Instead of using eval to turn a property name into a property access, use the member operators.

Code not recommended :
var letters = { a: "apple", b: "banana" };
var propname = getPropName(); // returns "a" or "b"
eval( "var display = letters." + propname );
Code recommended :
var letters = { a: "apple", b: "banana" };
var propname = getPropName(); // returns "a" or "b"
var display = letters[ propname ]; // letters[ "a" ] is the same as letters.a

Use functions instead of evaluating pieces of code

Use JSON.stringify and JSON.parse instead of eval
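The two replacements above (the member operator for property lookup and JSON.parse for data), as an added example that is not part of the original post; the values, the ALLOWED_PROPS allow-list and the helper names are constructed for illustration.

```javascript
// Added example (not from the original post): replacing two common uses of
// eval() with data-only alternatives. All values below are constructed samples.

// Not recommended: a string that happens to hold JSON is handed to eval, so any
// JavaScript in it runs, not just JSON data.
function unsafeParse(text) {
  return eval('(' + text + ')');
}

// Recommended: JSON.parse only accepts the JSON grammar. Code, function calls
// and bare expressions are rejected with a SyntaxError instead of being run.
function parseData(text) {
  try {
    return { ok: true, value: JSON.parse(text) };
  } catch (e) {
    return { ok: false, error: e.name };
  }
}

// Recommended: look a property up by name with the member operator, restricted
// to an allow-list of own properties so a name such as "__proto__" or
// "constructor" cannot be used to reach into the prototype chain.
const ALLOWED_PROPS = new Set(['a', 'b']);

function lookupProp(letters, name) {
  if (!ALLOWED_PROPS.has(name)) return undefined;
  if (!Object.prototype.hasOwnProperty.call(letters, name)) return undefined;
  return letters[name];
}

const letters = { a: 'apple', b: 'banana' };

// Plain data parses the same either way...
console.log(parseData('{"math": 89}').value.math);   // 89
// ...but only eval executes an expression handed to it.
console.log(unsafeParse('5 * 9 + 5 - 4'));           // 46
console.log(parseData('5 * 9 + 5 - 4').ok);          // false
console.log(lookupProp(letters, 'a'));                // apple
console.log(lookupProp(letters, 'constructor'));      // undefined
```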

Pass data instead of code

To scrape data from, say, a web page, use XPath instead of JavaScript code.

Maintain Cross-implementation compatibility

Don't use a second argument to eval. It is not supported in all modern browsers.

Execute code with limited privileges

If you must run code with eval, reduce its privileges. This may not be implemented in many applications, though. One use case is implementing it in XUL, Mozilla's front-end architecture.
