
JavaScript: eval() function

Description

The eval function is used to execute JavaScript source code.

Syntax

eval(expr)

Parameters

expr:
expr is a string representing a JavaScript expression, statement, or sequence of statements. The expression can include variables and properties of existing objects. There is no need to call eval to evaluate an arithmetic expression (5 * 9 + 5 - 4), as JavaScript evaluates arithmetic expressions automatically. Note that the expr argument is optional. If there is no argument, eval returns undefined.

Do not use eval()

eval() is sluggish and prone to security threats, so its use is not recommended. Here is why:

i) Code passed to eval is executed with the privileges of the caller. So, if the code passed can be influenced by a malicious party, malicious code ends up running on a user's machine with your website's privileges.

ii) Malicious code can see the scope in which eval was called, which in turn may raise security threats.

iii) eval has to call the JS interpreter, which makes it sluggish.

There are a number of alternatives to eval() available.

Example-1 of the eval() function

The following example shows how to use the eval() function.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<title>JavaScript: eval function example-1</title>
</head>
<body>
<h1 style="color: red">JavaScript  eval() function example-1</h1>
<hr />
<script type="text/javascript">
//This is done to make the following JavaScript code compatible to XHTML. <![CDATA[
eval("language = 78; math = 89;  science=90; document.write('Total marks : '+(language + math + science));");
//]]>
</script>
</body>
</html>


Example-2 of the eval() function

Here is another example of the eval() function.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<title>JavaScript: eval function example-2</title>
</head>
<body>
<h1 style="color: red">JavaScript  eval() function example-2</h1>
<hr />
<script type="text/javascript">
//This is done to make the following JavaScript code compatible to XHTML. <![CDATA[
var x = "alert ('We are learning JavaScript eval() function.')";
eval (x);
//]]>
</script>
</body>
</html>


Alternatives to eval

Instead of using eval to convert property names into properties, use the member operators.

Code not recommended:

var letters = { a: "apple", b: "banana" };

var lettername = getPropName(); // returns "a" or "b"

eval( "var display = letters." + lettername );

Code recommended:

var letters = { a: "apple", b: "banana" };

var lettername = getPropName(); // returns "a" or "b"

var display = letters[ lettername ]; // letters[ "a" ] is the same as letters.a

Use functions instead of evaluating pieces of code

Use JSON.stringify and JSON.parse instead of eval
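
The member-operator and JSON.parse alternatives above, as an added example that is not part of the original page. The helper names (lookup, parseData, parseWithEval, recordCall) and the sample inputs are constructed for illustration, and the own-property check goes slightly beyond the text by keeping inherited names such as "constructor" out of the lookup.

```javascript
// Added example (not from the original page); all names are hypothetical.
const letters = { a: "apple", b: "banana" };

// Member-operator lookup restricted to the object's own keys, so names such
// as "constructor" or "__proto__" do not resolve to inherited members.
function lookup(table, name) {
  if (typeof name !== "string" ||
      !Object.prototype.hasOwnProperty.call(table, name)) {
    return undefined;
  }
  return table[name];
}

// Parse untrusted text as data. JSON.parse accepts only the JSON grammar,
// so input that contains code makes it throw instead of running.
function parseData(text) {
  try {
    return { ok: true, value: JSON.parse(text) };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// The pattern being replaced, kept for comparison: the input is executed.
function parseWithEval(text) {
  return (0, eval)("(" + text + ")"); // indirect eval: global scope only
}

// Constructed inputs: plain data, and "data" that carries a function call.
const calls = [];
globalThis.recordCall = (tag) => { calls.push(tag); return 0; };
const plain = '{"language": 78, "math": 89, "science": 90}';
const withCode = '{"language": recordCall("ran")}';

function demo() {
  calls.length = 0; // start each run with an empty call log
  const marks = parseData(plain).value;
  return {
    total: marks.language + marks.math + marks.science,
    rejected: parseData(withCode),           // JSON.parse refuses the input
    evalResult: parseWithEval(withCode),     // eval runs the embedded call
    callsAfterEval: calls.slice(),
    own: lookup(letters, "a"),
    inherited: lookup(letters, "constructor"),
  };
}

console.log(demo());
```
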


Pass data instead of code

To scrape data from, say, a webpage, use XPath instead of JavaScript code.

Maintain Cross-implementation compatibility

Don't use a second argument in eval. It is not supported in all modern browsers.

Execute code with limited privileges

If you must run code with eval, run it with reduced privileges. This may not be possible in many applications, though. One use case where it may be implemented is XUL, Mozilla's front-end architecture.


