JavaScript The Bad Parts: Eval


July 22, 2012 | JavaScript

Eval and evil differ by only one letter, ever thought about that? I am just kidding though. Eval in itself is not at all evil; actually, it is rather handy – it evaluates a string and, if that string is a JavaScript statement, executes it. Nothing bad about that; however, many JavaScript developers have misused eval() and done things like:

This makes code injection attacks possible, since eval() will try to evaluate whatever myVariable contains. Using eval() in this way also makes the code harder to maintain and debug. All in all, you should start learning to avoid eval(), since in ECMAScript 5 “strict mode” eval is not allowed and will probably be deprecated or removed in ECMAScript 6.
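
An added example (not code from the original post) of the injection risk described above: an eval()-based lookup on `myVariable` next to a version that treats the input as data. The `settings` object, the function names and the input string are hypothetical and constructed for illustration.

```javascript
// Added example; settings, readSettingUnsafe and readSettingSafe are
// hypothetical names, not code from the original post.
const settings = { theme: "dark", pageSize: 25 };

// Vulnerable: the string is executed as code, so anything that follows
// the property name runs with the same privileges as the page itself.
function readSettingUnsafe(myVariable) {
  return eval("settings." + myVariable);
}

// Hardened: the input is only ever used as a key. Own-property lookup
// rejects inherited names such as "constructor" or "__proto__".
function readSettingSafe(myVariable) {
  if (typeof myVariable !== "string" ||
      !Object.prototype.hasOwnProperty.call(settings, myVariable)) {
    throw new RangeError("unknown setting: " + JSON.stringify(myVariable));
  }
  return settings[myVariable];
}

// Constructed input: a harmless marker stands in for injected code.
const constructedInput = "theme; globalThis.injectedRan = true";

function demo() {
  globalThis.injectedRan = false;
  readSettingUnsafe(constructedInput);
  const unsafeRanInjectedCode = globalThis.injectedRan;

  globalThis.injectedRan = false;
  let rejected = false;
  try {
    readSettingSafe(constructedInput);
  } catch (e) {
    rejected = e instanceof RangeError;
  }
  return {
    unsafeRanInjectedCode,                        // eval executed the extra statement
    safeRanInjectedCode: globalThis.injectedRan,  // the lookup never executes input
    rejected,                                     // malformed key is refused
    legit: readSettingSafe("theme"),              // normal use still works
  };
}

console.log(demo());
```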
