JavaScript: "eval() is the devil"

Source: Internet
Author: User

If your code uses eval(), remember the mantra "eval() is the devil". This method accepts an arbitrary string and processes it as JavaScript code. When the code in question is known in advance (not determined at runtime), there is no reason to use eval(). If the code is dynamically generated at runtime, there is usually a better way to achieve the same goal without eval(). For example, accessing dynamic properties with square bracket notation is simpler:

    // antipattern
    var property = "name";
    alert(eval("obj." + property));

    // better
    var property = "name";
    alert(obj[property]);

Using eval() also brings security risks, because the code being executed (for example, code that arrived over the network) may have been tampered with. A very common antipattern is to use eval() on the JSON response of an Ajax request. In those cases it is best to parse the JSON with the browser's built-in JavaScript method, which ensures the response is safe and valid. If the browser does not support JSON.parse(), you can use the library from JSON.org.
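The difference described above, as an added example that is not part of the original article: the same tampered response body is handed to eval() and to JSON.parse(), and a counter records whether any code inside the body ran. The sample bodies and the names parseWithEval, parseWithJSON, trial and calls are constructed for this illustration.

```javascript
// Constructed sample response bodies (not captured traffic).
var goodBody = '{"user": "alice", "admin": false}';
// Tampered in transit: still a valid JavaScript expression, no longer valid JSON.
var tamperedBody =
  '{"user": "alice", "admin": (calls.push("injected code ran"), true)}';

// Records any code that ran as a side effect of parsing.
var calls = [];

// Antipattern: the response text is executed as JavaScript.
function parseWithEval(body) {
  return eval("(" + body + ")");
}

// Better: JSON.parse() accepts only the JSON grammar and throws a
// SyntaxError on anything else, so nothing in the body is executed.
function parseWithJSON(body) {
  try {
    return { ok: true, data: JSON.parse(body) };
  } catch (e) {
    return { ok: false, error: e.name };
  }
}

// Runs one parser over one body and reports whether code in the body ran.
function trial(parser, body) {
  calls.length = 0;
  var result = parser(body);
  return { result: result, codeRan: calls.length > 0 };
}

console.log(trial(parseWithEval, tamperedBody)); // admin flipped, code ran
console.log(trial(parseWithJSON, tamperedBody)); // rejected, nothing ran
console.log(trial(parseWithJSON, goodBody));     // parsed normally
```

With eval() the tampered body both runs its embedded expression and comes back with admin set to true; JSON.parse() rejects the same body before anything executes.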

It is also important to remember that passing strings to setInterval(), setTimeout(), and the Function() constructor is, in most cases, similar to using eval() and should therefore be avoided. Behind the scenes, JavaScript still has to evaluate and execute the string you pass as program code:

    // antipattern
    setTimeout("myFunc()", 1000);
    setTimeout("myFunc(1, 2, 3)", 1000);

    // better
    setTimeout(myFunc, 1000);
    setTimeout(function () {
        myFunc(1, 2, 3);
    }, 1000);

Using the new Function() constructor is similar to eval(), so approach it with care. It can be a powerful construct, but it is often misused. If you absolutely must use eval(), consider using new Function() instead. There is a small potential benefit: the code evaluated in new Function() runs in a local function scope, so any variables defined with var in the evaluated code do not automatically become globals. Another way to prevent automatic globals is to wrap the eval() call in an immediate function.

In the following example, only un remains as a global variable polluting the namespace:

    console.log(typeof un);    // "undefined"
    console.log(typeof deux);  // "undefined"
    console.log(typeof trois); // "undefined"

    var jsstring = "var un = 1; console.log(un);";
    eval(jsstring); // logs "1"

    jsstring = "var deux = 2; console.log(deux);";
    new Function(jsstring)(); // logs "2"

    jsstring = "var trois = 3; console.log(trois);";
    (function () {
        eval(jsstring);
    }()); // logs "3"

    console.log(typeof un);    // "number"
    console.log(typeof deux);  // "undefined"
    console.log(typeof trois); // "undefined"

Another difference between eval() and the Function constructor is that eval() can interfere with the scope chain, while Function() is safer in this respect. No matter where you execute Function(), it sees only the global scope, so it effectively avoids polluting local variables. In the following example, eval() can access and modify a variable in its outer scope, whereas Function() cannot (note that Function and new Function are the same):

    (function () {
        var local = 1;
        eval("local = 3; console.log(local)"); // logs "3"
        console.log(local); // logs "3"
    }());

    (function () {
        var local = 1;
        Function("console.log(typeof local);")(); // logs "undefined"
    }());

This article is available at http://www.nowamagic.net/librarys/veda/detail/1627.
