javascript - what does eval do and why its evil? -


this question has answer here:

var mystring = "x",     myobject = {         x: 10     }, value = eval("myobject." + mystring); alert(value) alert(myobject[mystring]);

http://jslinterrors.com/eval-is-evil/

i have been reading eval() function on internet, not grasp on apart "it evaluates expression".

should use eval() function numeric values?.

eval() takes string given, , runs if plain javascript code.

it considered "evil" because:

  • it over-complicates things - cases eval() used, there simpler solution didn't require it. example in question perfect case in point: there absolutely no need eval() expression this. js has syntax referencing object property name string (myobject["x"] same myobject.x).

  • it's harder debug - it's harder work in debugger, , once have managed work out what's going on, have work because have debug both eval'd code, , code generated original string eval.

  • it slows things down - script compiler cannot pre-compile code in eval(), because doesn't know code contain until gets there. lose out on of performance benefits in modern javascript engines.

  • it hacker's dream - eval() runs string code. hackers love because it's easier inject string program inject code; eval() means can inject string, , run code. eval() makes code easier hack. (this less of issue browser-based javascript other languages, js code accessible in browser anyway, security model should not based on code being immutable, nevertheless, injection hacks can still problem, particularly cross-site attacks).


Comments

Post a Comment

Popular posts from this blog

javascript - addthis share facebook and google+ url -

i attempting use addthis create simple url shares whichever current page user on when click share button. of right now, have twitter working. when user clicks, able see url populated in tweet box. when user clicks facebook or google+, url doesn't seem show in share box. <ul class="addthis_toolbox addthis_default_style "> <li><a class="addthis_button_facebook"><img src="/img/facebook-social.png" width="20" height="20" border="0" alt="share" /></a></li> <li><a class="addthis_button_twitter"><img src="/img/twitter-social.png" width="20" height="20" border="0" alt="share" /></a></li> <li><a class="addthis_button_google_plusone_share"><img src="/img/google-social.png" width="20" height="20" border="0" alt="s...
Read more

ios - Show keyboard with UITextField in the input accessory view -

i have buttona , when buttona clicked, want keyboard show uitextfield in inputaccessoryview. there way have keyboard show manually , set inputaccessoryview without having uitextfield initially? thanks. you cannot summon keyboard without object can become first responder. there 2 ways work around: subclass uiview , implement uikeyinput protocol in it. example: in .h file: @interface inputobject : uiview<uikeyinput> @property (nonatomic, copy) nsstring *text; @property (nonatomic, strong) uiview *inputaccessoryview; // must override inputaccessoryview , since it's readonly default @end in .m file, implement protocol: - (bool)canbecomefirstresponder { return yes; } - (bool)hastext { return [self.text length]; } - (void)inserttext:(nsstring *)text { nsstring *selftext = self.text ? self.text : @""; self.text = [selftext stringbyappendingstring:text]; [[nsnotificationcenter defaultcenter] postnotificationname:kinputobjec...
Read more

c++ - importing crypto++ in QT application and occurring linker errors? -

i trying use crypto++ sankore-3.1 qt program, i've installed qt sdk 4.8.1 using vc++ 2010 compiler. i've compiled , built crypto++ using microsoft visual studio 2010, , have needed lib files, include .h files , dll file in hand. i testes these library simple qt application in empty project using qt creator, added libraries .pro file , run successfully. .pro file blow: win32:config(release, debug|release): libs += -l$$pwd/../../dokuman/sankore- 3.1/plugins/cryptopp/win32/dll_output/release/ -lcryptopp else:win32:config(debug, debug|release): libs += -l$$pwd/../../dokuman/sankore-3.1/plugins/cryptopp/win32/dll_output/debug/ -lcrypto includepath += $$pwd/../../dokuman/sankore-3.1/plugins/cryptopp/include dependpath += $$pwd/../../dokuman/sankore-3.1/plugins/cryptopp/include sources += \ main.cpp win32:config(release, debug|release): libs += -l$$pwd/../../dokuman/sankore-3.1/plugins/cryptopp/win32/output/release/ -lcryptlib else:win32:config(debug, de...
Read more