Eval can be harmful (no-eval) How to fix in a proper way.
How can I fix this without using eval:
How can we parse this?
    var js = change.getElementsByTagName('script')
    for (var i = 0, j = js.length; i < j; i++) {
      eval(js[i].innerHTML)
    }
(page is loaded via AJAX, so no scripts will be executed without eval)
Code Snippet
    function getViaAjax (url) {
      var xmlPhttp
      if (window.XMLHttpRequest) {
        xmlPhttp = new window.XMLHttpRequest() // code for IE7+, Firefox, Chrome, Opera, Safari
      } else {
        xmlPhttp = new window.ActiveXObject('Microsoft.XMLHTTP') // code for IE6, IE5
      }
      xmlPhttp.open('POST', url, true)
      xmlPhttp.setRequestHeader('Content-type', 'application/x-www-form-urlencoded')
      xmlPhttp.onreadystatechange = function () {
        if (xmlPhttp.readyState === 4 && xmlPhttp.status === 200) {
          // Element that receives the response (was an undefined `change`)
          var change = document.getElementById('changeMe')
          change.innerHTML = xmlPhttp.responseText
          // JavaScript Fix!
          var js = change.getElementsByTagName('script')
          for (var i = 0, j = js.length; i < j; i++) {
            eval(js[i].innerHTML) // ERROR
          }
        }
      }
      xmlPhttp.send() // send the request (missing from the snippet as posted)
    }
Second note: I'd need to copy some values from a library (new instance) to make it work like _.myFunction('pass'); and _('.wrapper').myFunction('pass'); but whatever I try, it only works this way:
    var tLib = new Library()
    var copy
    for (copy in tLib) {
      eval('_.' + copy + ' = tLib.' + copy + ';') // _.copy = tLib.copy (ERROR)
    }
Please note that this is a crosspost: https://github.com/feross/standard/issues/308
Issue Analytics
- State:
- Created 8 years ago
- Comments:6 (2 by maintainers)
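For the second snippet in the issue, bracket notation does the same copy without building code from key names. The following is an added example, not code from the issue or from the standard project; `copyMembers`, `BLOCKED_KEYS`, the stand-in `Library` and the hostile sample input are all constructed for illustration.

```javascript
'use strict'

// Keys that must never be written through bracket notation on a shared object.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype'])

// Copy every enumerable member of `source` (own and inherited, like the
// for...in loop in the issue) onto `target`. Key names are used as data only,
// so nothing inside a key is ever parsed or executed.
function copyMembers (target, source) {
  const copied = []
  for (const key in source) {
    if (BLOCKED_KEYS.has(key)) continue
    target[key] = source[key]
    copied.push(key)
  }
  return copied
}

// Constructed stand-in for the issue's Library (hypothetical).
function Library () {
  this.version = '1.0'
}
Library.prototype.myFunction = function (arg) {
  return 'called with ' + arg
}

// `_` is callable and also carries the copied members, as the issue wants.
function _ (selector) {
  const wrapped = { selector: selector }
  copyMembers(wrapped, new Library())
  return wrapped
}
copyMembers(_, new Library())

// Constructed hostile input: in the eval('_.' + key + ...) form the first key
// would be parsed as statements; here it is just an odd property name.
function copyHostile () {
  const hostile = JSON.parse(
    '{"x = 1; globalThis.pwned = true; _.y": 1, "__proto__": {"polluted": true}}'
  )
  const target = {}
  return { copied: copyMembers(target, hostile), target: target }
}
```

Because the key is never concatenated into source text, the `no-eval` rule has nothing to flag, and the `__proto__` guard keeps a parsed-JSON source from replacing the target's prototype.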
Top GitHub Comments
Just disable the rule for the whole file by putting this on top of your file:
More info on how to configure rules: http://eslint.org/docs/user-guide/configuring#configuring-rules
@rahulmr I think he means something like:
But this is still marked as an error with no-eval because the eval token is used