473,545 Members | 2,029 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Why eval(string) is not needed

// Look ma! no evals!
function eval2 (string, noReturn) {
return Function((!noRe turn ? "return " : "")+string) (); }

var aR = eval2("/x/");
var Yo = eval2("{a:1, l:1, e:1, r:1, t:1}");
var a = eval2("['Hi', 'Mom']");
var aPri = eval2("a.join(' ').replace(aR,' u');");
var foo = eval2("var f='';for (var i in Yo) f+=i; return(f)",true );
eval2 (foo+"('"+aPri+ "')");
Csaba Gabor from Vienna :)

Apr 1 '06 #1
3 1234
Csaba Gabor wrote:
// Look ma! no evals!
function eval2 (string, noReturn) {
return Function((!noRe turn ? "return " : "")+string) (); }

var aR = eval2("/x/");
var Yo = eval2("{a:1, l:1, e:1, r:1, t:1}");
var a = eval2("['Hi', 'Mom']");
var aPri = eval2("a.join(' ').replace(aR,' u');");
var foo = eval2("var f='';for (var i in Yo) f+=i; return(f)",true );
eval2 (foo+"('"+aPri+ "')");


The Function constructor is just an alias for eval. It is equally as evil.

var aR = /x/;
var Yo = {a: 1, l: 1, e: 1, r: 1, t: 1};
var a = ['Hi', 'Mom'];
var aPri = a.join(' ').replace(aR, 'u');
var foo = function () {
var f = '';
for (var i in Yo) {
f += i;
}
return f;
}();
foo(aPri);

http://javascript.crockford.com
Apr 1 '06 #2
"Csaba Gabor" <da*****@gmail. com> writes:
// Look ma! no evals!
function eval2 (string, noReturn) {
return Function((!noRe turn ? "return " : "")+string) (); }


And merry first of April to you too :)

And a case where your eval2 fails to work like eval:

var x = "suckered!" ;
function foo() {
var x = 42;
alert(eval2("x" ));
}
foo();

Good luck!
/L
--
Lasse Reichstein Nielsen - lr*@hotpop.com
DHTML Death Colors: <URL:http://www.infimum.dk/HTML/rasterTriangleD OM.html>
'Faith without judgement merely degrades the spirit divine.'
Apr 1 '06 #3
VK

Csaba Gabor wrote:
// Look ma! no evals!
function eval2 (string, noReturn) {
return Function((!noRe turn ? "return " : "")+string) (); }

var aR = eval2("/x/");
var Yo = eval2("{a:1, l:1, e:1, r:1, t:1}");
var a = eval2("['Hi', 'Mom']");
var aPri = eval2("a.join(' ').replace(aR,' u');");
var foo = eval2("var f='';for (var i in Yo) f+=i; return(f)",true );
eval2 (foo+"('"+aPri+ "')");
Csaba Gabor from Vienna :)


eval('alert(eva l(\'2+2\')/eval(\'2\'))'); // 2

Instead of three absolutely necessary eval's I could make it with just
one (others are inside the string so doesn't count :-)

Apr 1 '06 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

12
8150
by: lawrence | last post by:
I have a string which I want to send to eval(). How can I test it ahead of time to make sure it is valid code? I don't want to send it to eval and get parse errors. I want to do something like this: $valid = checkPHP($string); if ($valid) { eval($string); } else { $resultsObject->addToErrorResults("We wanted to send our template to...
3
1785
by: Grayson | last post by:
I have a need for an "Eval" function and found the perfect sample The problem is it doesn't like "IsDate" being fed into it. Any Ideas? seems like a missing reference, but I can't figure it out... PS Thanx to Peter Bromberg for providing the sample http://www.eggheadcafe.com/articles/20030908.asp Namespace PAB.Util Public Class...
18
3143
by: Joe Fallon | last post by:
I have some complex logic which is fairly simply to build up into a string. I needed a way to Eval this string and return a Boolean result. This code works fine to achieve that goal. My question is what happens to the dynamically created assembly when the method is done running? Does GC take care of it? Or is it stuck in RAM until the...
4
1968
by: Wilson | last post by:
Hello, How can i eval a string expression like String abc = ??"dt.Rows.Columns.ToString() + dt.Rows.Columns.ToString()" Thanks Wilson
5
2080
by: R | last post by:
Hi All, I'm using eval and arrays in foreach and have trouble with adding elements to them - I'm talking about the '' operator. My code is: // creates arrays with the names of columns in keys array foreach ($keys as $k) {
11
1975
by: C.W.Holeman II | last post by:
I am looking for an example using the object argument to eval(). http://developer.mozilla.org/en/docs/Core_JavaScript_1.5_Reference:Functions:eval -- C.W.Holeman II | cwhii@Julian5Locals.com-5 http://JulianLocals.com/cwhii To only a fraction of the human race does God give the privilege of earning one's bread doing what one would have...
9
2797
by: Bob M | last post by:
If I define an expression or equation, how can I retrieve that expression as string literal? I want to do this so that I could avoid repetitive typing (or copy/paste/change) the same thing at two place. I try to demonstrate the problem in the following code. Bob M <%@ Page Language="C#" %> <script runat="server">
33
2783
by: cesco | last post by:
Hi, say I have a string like the following: s1 = 'hi_cat_bye_dog' and I want to replace the even '_' with ':' and the odd '_' with ',' so that I get a new string like the following: s2 = 'hi:cat,bye:dog' Is there a common recipe to accomplish that? I can't come up with any solution...
0
7415
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language...
0
7675
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. ...
0
7928
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that...
0
7775
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the...
0
4963
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert...
0
3470
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in...
0
3451
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
1902
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
1
1030
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.