+ 7

Why eval() is evil?

I just saw a youtube content about the eval() function and read some stuffs about eval() in google. I can see eval() is pretty useful to use evaluate strings to js code. But they say that using eval() is "evil" and dangerous and I don't get it why.

javascripteval
7th Nov 2019, 6:11 AM
Nootnoot
Nootnoot - avatar
7 Respostas
+ 8
Eval is considered risky and harmful. It is slow, and can contain malicious code like infinite loops, XSS(cross site scripting) attacks etc. It should be never used or only in very specific secured applications. Personally I disable it in Content-Security-Policy(CSP) so it is not possible to use it. https://en.wikipedia.org/wiki/Content_Security_Policy
7th Nov 2019, 6:47 AM
Michal Straka
Michal Straka - avatar
+ 4
https://www.sololearn.com/post/97586/?ref=app https://code.sololearn.com/WKKkpq0efxai/?ref=app
7th Nov 2019, 8:49 AM
Gordon
Gordon - avatar
+ 4
https://nedbatchelder.com/blog/201206/eval_really_is_dangerous.html
21st Jan 2020, 3:53 PM
Janusz Bujak 🇵🇱 🇺🇦
Janusz Bujak 🇵🇱 🇺🇦 - avatar
+ 2
Michal Straka Mirielle🐶 [Inactive] thank youuu uwu. maybe i should disable that
7th Nov 2019, 8:51 AM
Nootnoot
Nootnoot - avatar
+ 2
Mirielle🐶 [Inactive] oh. i thought it can be disabled. But thanks again uwu
7th Nov 2019, 10:48 AM
Nootnoot
Nootnoot - avatar

Costuma ter perguntas como essa?

Aprenda de maneira mais eficiente, de graça:

Ver todos os cursos
Quente hoje
What's wrong with this code ? ( Beginner)
3 Votes
Ejercicio Pytho
0 Votes
Please rate my code from 1 to 10
2 Votes
Bug on "Java for Beginners Module 3 Quiz"
1 Votes
Square Roots
0 Votes
Write a program to find the strings are in isogram or not
0 Votes
Pig Latin
0 Votes
Uuu
1 Votes
Currently learning C++, I’m getting into socket programming with C++
0 Votes
How to start
0 Votes