JavaScript: eval () is the devil"

Source: Internet
Author: User
If eval () is used in your current code, remember this spell "eval () is the Devil ". This method is followed

If eval () is used in your current code, remember this spell "eval () is the Devil ". This method accepts arbitrary strings and processes them as JavaScript code. When the problematic code is known in advance (not determined at runtime), there is no reason to use eval (). If the code is dynamically generated at runtime, there is a better way to achieve the same goal without using eval. For example, it is easier to access dynamic attributes in square brackets:

// Reverse example var property = "name"; alert (eval ("obj. "+ property); // better var property =" name "; alert (obj [property]);

Using eval () also brings security risks because the code executed (such as from the network) may have been tampered. This is a very common negative textbook. When processing Ajax requests, the corresponding JSON is obtained. In these cases, it is best to use the built-in JavaScript method to parse JSON to ensure security and effectiveness. If the browser does not support JSON. parse (), you can use the JSON.org library.

It is also important to remember that passing strings to setInterval (), setTimeout (), and Function () constructors is similar to using eval () in most cases, avoid this problem. Behind the scenes, JavaScript still needs to evaluate and execute the strings you pass to the program:

// Negative example setTimeout ("myFunc ()", 1000); setTimeout ("myFunc (1, 2, 3)", 1000); // better setTimeout (myFunc, 1000); setTimeout (function () {myFunc (1, 2, 3) ;}, 1000 );

Constructing with the new Function () is similar to eval (), so be careful when approaching it. This may be a powerful structure, but it is often misused. If you absolutely need to use eval (), you can consider using new Function () instead. There is a small potential benefit, because the code evaluation in the new Function () is run in the local Function scope, therefore, no variable defined by var evaluated in the code will automatically become a global variable. Another way to Prevent Automatic global variables is to encapsulate eval () calls into an instant function.

In the following example, only un serves as a global variable to pollute the namespace.

console.log(typeof un);    // "undefined"console.log(typeof deux); // "undefined"console.log(typeof trois); // "undefined"var jsstring = "var un = 1; console.log(un);";eval(jsstring); // logs "1"jsstring = "var deux = 2; console.log(deux);";new Function(jsstring)(); // logs "2"jsstring = "var trois = 3; console.log(trois);";(function () {   eval(jsstring);}()); // logs "3"console.log(typeof un); // numberconsole.log(typeof deux); // "undefined"console.log(typeof trois); // "undefined"

Another difference between eval () and Function construction is that eval () can interfere with the scope chain, while Function () is more secure. No matter where you execute Function (), it only shows the global scope. So it can effectively avoid local variable pollution. In the following example, eval () can access and modify the variables in its external scope. This is not done by the Function (note that the Function and new Function are the same ).

(function () {   var local = 1;   eval("local = 3; console.log(local)"); // logs "3"   console.log(local); // logs "3"}());(function () {   var local = 1;   Function("console.log(typeof local);")(); // logs undefined}());
Additional reading

The topic list of this article is as follows:

  1. How should we understand the working principle of the JavaScript engine?
  2. JavaScript exploration: the importance of writing maintainable code
  3. JavaScript exploration: exercise caution when using global variables
  4. JavaScript exploration: var pre-parsing and side effects
  5. JavaScript exploration: for Loop (for Loops)
  6. JavaScript exploration: for-in loop (for-in Loops)
  7. Exploring JavaScript: Prototypes is too powerful
  8. JavaScript: eval () is the devil"
  9. JavaScript exploration: Using parseInt () for Numerical Conversion
  10. Exploring JavaScript: Basic coding specifications
  11. JavaScript exploration: function declaration and function expression
  12. JavaScript exploration: Name function expressions
  13. JavaScript: function name in the debugger
  14. JavaScript: JScript Bug
  15. JavaScript exploration: Memory Management of JScript
  16. Exploring JavaScript: SpiderMonkey's quirks
  17. JavaScript exploration: an alternative solution to naming function expressions
  18. JavaScript exploration: Object
  19. JavaScript exploration: Prototype chain
  20. JavaScript exploration: Constructor
  21. JavaScript probing: executable context Stack
  22. Execution context 1: Variable object and activity object
  23. Execution context 2: Scope chain Scope Chains
  24. Execution context 3: Closure Closures
  25. Execution context 4: This pointer
  26. Exploring JavaScript: Powerful prototype and prototype chain
  27. JavaScript Functions 1: function declaration
  28. JavaScript function 2: function expressions
  29. JavaScript function 3: function expressions in a group
  30. JavaScript function 4: function Constructor
  31. JavaScript variable object 1: VO Declaration
  32. JavaScript variable object 2: VO in different execution contexts
  33. JavaScript variable object 3: two stages of execution Context
  34. JavaScript variable object IV: Variables
  35. Property of the JavaScript variable object __parent _
  36. JavaScript scope chain 1: Scope chain Definition
  37. JavaScript scope chain 2: function Lifecycle
  38. JavaScript scope chain 3: Scope chain features
  39. JavaScript closure 1: Introduction to closures
  40. JavaScript closure 2: Implementation of closure
  41. JavaScript closure 3: Closure usage

This article is available at http://www.nowamagic.net/librarys/veda/detail/1627.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.