) Javascript eval

1 Basic eval usage:

The function receives a parameter S. If S is not a string, S is directly returned. Otherwise, execute the s statement. If the execution result of the s statement is a value, this value is returned; otherwise, undefined is returned.

Note that the object declaration Syntax "{}" does not return a value and must be enclosed in parentheses to return the value. A simple example is as follows:

VaR code1 = '"A" + 2'; // expression

VaR code2 = '{A: 2}'; // statement

Alert (eval (code1); //-> 'a2'

Alert (eval (code2); //-> undefined

Alert (eval ('+ code2 +'); //-> [object]

As you can see, for object declaration statements, they are only executed and cannot return values. To return a commonly used object declaration statement such as "{}", it must be enclosed in parentheses to convert it into an expression before returning its value. This is also one of the basic principles of Ajax development using JSON. In the example, we can clearly see that the second alert statement outputs undefined, and the third statement outputs the object represented by the statement after parentheses.

►The focus of this Article is on how to execute global code in the function. To illustrate this problem, let's first look at an example:

VaR S = 'global'; // defines a global variable.

Function demo1 (){

Eval ('var S = "local "');

}

Demo1 ();

Alert (s); //-> global

Well understood, the above demo1 function is equivalent to: function demo1 () {var S = 'local' ;}, which defines a local variable S.

So the final output is global. After all, everyone can clearly distinguish between local variables and global variables.

After careful consideration, we can find that the eval function is always executed in the context variable space (also called package, closure) that calls it, both the variable definition and the function definition are the same, so the following code will generate an undefined function error:

VaR S = 'function test () {return 1 ;}'; // a Function Definition Statement

Function demo2 (){

Eval (s );

}

Demo2 ();

Alert (test (); //-> error: test is not defined

This is because the test function is defined in a local space and can be accessed in the demo2 function.

2. efficiency issues:

Simon willison believes that although JavaScript provides the eval () function that uses dynamic strings as script code to execute, it provides a lot of convenience for coding, at the same time, the code execution efficiency is low and difficult to maintain. Generally, only design defects have to be compensated by eval.

The most common error in using eval () is that it is used to dynamically obtain an object/sub-object and its attributes. Assume that there is an object Foo in your code, and its attributes are determined at runtime. You may want to use eval to solve this problem:

1. var property = 'bar ';

2.

3. VaR value = eval ('foo. '+ property );

4.

This can certainly achieve the expected results, but this will cause JavaScript to switch to the interpreter mode to re-interpret the dynamically constructed code every time it runs the code, which greatly reduces the running efficiency. In fact, you can avoid using eval ():

1. var property = 'bar ';

2.

3. VaR value = Foo [property];

4.

On the other hand, using eval () may also lead to some potential security risks. This is true for any language. When you get data and eval () through the get/post parameters on the page, malicious users may exploit the vulnerability to inject illegal code for unexpected operations. Therefore, you must be cautious when using eval () from the perspective of execution efficiency, code maintenance cost, and application security. Looking back at the code I have written, Eval () was abused by me for a while. The most direct consequence was that it caused a lot of trouble to other programmers who took over. It is really not as easy to understand what a dynamic string is used after it is eval () as an OO code with a clear structure.

Conclusion: code with "eval" is more than 100 times slower than code without "eval.

The main reason is that JavaScript code performs operations similar to "pre-compilation" before execution: First, it creates an activity object in the current execution environment, and set the variables declared with VAR to the attributes of the active object. However, the value assigned to these variables is undefined, and the functions defined by the function are also added as the attributes of the active object, and their values are exactly the definitions of functions. However, if you use "eval", the code in "eval" (actually a string) cannot identify its context in advance and cannot be parsed and optimized in advance, you cannot perform the pre-compilation operation. Therefore, its performance will be greatly reduced.