If eval () is used in your current code, remember this spell "eval () is the Devil ". This method is followed
If eval () is used in your current code, remember this spell "eval () is the Devil ". This method accepts arbitrary strings and processes them as JavaScript code. When the problematic code is known in advance (not determined at runtime), there is no reason to use eval (). If the code is dynamically generated at runtime, there is a better way to achieve the same goal without using eval. For example, it is easier to access dynamic attributes in square brackets:
// Reverse example var property = "name"; alert (eval ("obj. "+ property); // better var property =" name "; alert (obj [property]);
Using eval () also brings security risks because the code executed (such as from the network) may have been tampered. This is a very common negative textbook. When processing Ajax requests, the corresponding JSON is obtained. In these cases, it is best to use the built-in JavaScript method to parse JSON to ensure security and effectiveness. If the browser does not support JSON. parse (), you can use the JSON.org library.
It is also important to remember that passing strings to setInterval (), setTimeout (), and Function () constructors is similar to using eval () in most cases, avoid this problem. Behind the scenes, JavaScript still needs to evaluate and execute the strings you pass to the program:
// Negative example setTimeout ("myFunc ()", 1000); setTimeout ("myFunc (1, 2, 3)", 1000); // better setTimeout (myFunc, 1000); setTimeout (function () {myFunc (1, 2, 3) ;}, 1000 );
Constructing with the new Function () is similar to eval (), so be careful when approaching it. This may be a powerful structure, but it is often misused. If you absolutely need to use eval (), you can consider using new Function () instead. There is a small potential benefit, because the code evaluation in the new Function () is run in the local Function scope, therefore, no variable defined by var evaluated in the code will automatically become a global variable. Another way to Prevent Automatic global variables is to encapsulate eval () calls into an instant function.
In the following example, only un serves as a global variable to pollute the namespace.
console.log(typeof un); // "undefined"console.log(typeof deux); // "undefined"console.log(typeof trois); // "undefined"var jsstring = "var un = 1; console.log(un);";eval(jsstring); // logs "1"jsstring = "var deux = 2; console.log(deux);";new Function(jsstring)(); // logs "2"jsstring = "var trois = 3; console.log(trois);";(function () { eval(jsstring);}()); // logs "3"console.log(typeof un); // numberconsole.log(typeof deux); // "undefined"console.log(typeof trois); // "undefined"
Another difference between eval () and Function construction is that eval () can interfere with the scope chain, while Function () is more secure. No matter where you execute Function (), it only shows the global scope. So it can effectively avoid local variable pollution. In the following example, eval () can access and modify the variables in its external scope. This is not done by the Function (note that the Function and new Function are the same ).
(function () { var local = 1; eval("local = 3; console.log(local)"); // logs "3" console.log(local); // logs "3"}());(function () { var local = 1; Function("console.log(typeof local);")(); // logs undefined}());
Additional reading
The topic list of this article is as follows:
- How should we understand the working principle of the JavaScript engine?
- JavaScript exploration: the importance of writing maintainable code
- JavaScript exploration: exercise caution when using global variables
- JavaScript exploration: var pre-parsing and side effects
- JavaScript exploration: for Loop (for Loops)
- JavaScript exploration: for-in loop (for-in Loops)
- Exploring JavaScript: Prototypes is too powerful
- JavaScript: eval () is the devil"
- JavaScript exploration: Using parseInt () for Numerical Conversion
- Exploring JavaScript: Basic coding specifications
- JavaScript exploration: function declaration and function expression
- JavaScript exploration: Name function expressions
- JavaScript: function name in the debugger
- JavaScript: JScript Bug
- JavaScript exploration: Memory Management of JScript
- Exploring JavaScript: SpiderMonkey's quirks
- JavaScript exploration: an alternative solution to naming function expressions
- JavaScript exploration: Object
- JavaScript exploration: Prototype chain
- JavaScript exploration: Constructor
- JavaScript probing: executable context Stack
- Execution context 1: Variable object and activity object
- Execution context 2: Scope chain Scope Chains
- Execution context 3: Closure Closures
- Execution context 4: This pointer
- Exploring JavaScript: Powerful prototype and prototype chain
- JavaScript Functions 1: function declaration
- JavaScript function 2: function expressions
- JavaScript function 3: function expressions in a group
- JavaScript function 4: function Constructor
- JavaScript variable object 1: VO Declaration
- JavaScript variable object 2: VO in different execution contexts
- JavaScript variable object 3: two stages of execution Context
- JavaScript variable object IV: Variables
- Property of the JavaScript variable object __parent _
- JavaScript scope chain 1: Scope chain Definition
- JavaScript scope chain 2: function Lifecycle
- JavaScript scope chain 3: Scope chain features
- JavaScript closure 1: Introduction to closures
- JavaScript closure 2: Implementation of closure
- JavaScript closure 3: Closure usage
This article is available at http://www.nowamagic.net/librarys/veda/detail/1627.