eval()-like methods should not be used JS-0068Implied eval. Consider passing a function instead of a string
28TLib.setFocus=function(id){if(!TLib.getObj(id)) return;TLib.getObj(id).focus();}
29TLib.getTopPosition=function(target){var top=0;if(target.offsetParent){while(1){top+=target.offsetTop;if(!target.offsetParent){break;}target=target.offsetParent;}}else if(target.y){top+=target.y;}return top;}
30TLib.getLeftPosition=function(target){var left=0;if(target.offsetParent){while(1){left+=target.offsetLeft;if(!target.offsetParent){break;}target=target.offsetParent;}}else if(target.x){left+=target.x;}return left;}
31TLib.showMessage=function(target,message,autohide){var msg;var msgcontent;if(!top.message){var MSGTIMER=10;var MSGSPEED=5;var MSGOFFSET=1;var MSGHIDE=2;msg=document.createElement('div');msg.id='msg';msgcontent=document.createElement('div');msgcontent.id='msgcontent';document.body.appendChild(msg);msg.appendChild(msgcontent);msg.style.filter='alpha(opacity=0)';msg.style.opacity=0;msg.alpha=0;top.message=msg;msg.show=function(flag){var value;if(flag==1){value=msg.alpha+MSGSPEED;}else{value=msg.alpha-MSGSPEED;}msg.alpha=value;msg.style.opacity=(value/100);msg.style.filter='alpha(opacity='+value+')';if(value>=99){clearInterval(msg.timer);msg.timer=null;}else if(value<=1){msg.style.display="none";clearInterval(msg.timer);}};msg.hide=function(){var msg=TLib.getObj('msg');if(msg){if(!msg.timer){msg.timer=setInterval("top.message.show(0)",MSGTIMER);}}}}else{msg=TLib.getObj('msg');msgcontent=TLib.getObj('msgcontent');}msgcontent.innerHTML=message;msg.style.display='block';var msgheight=msg.offsetHeight;var targetdiv=TLib.getObj(target);targetdiv.focus();var targetheight=targetdiv.offsetHeight;var targetwidth=targetdiv.offsetWidth;var topposition=TLib.getTopPosition(targetdiv)-((msgheight-targetheight)/2);var leftposition=TLib.getLeftPosition(targetdiv)+targetwidth+MSGOFFSET;msg.style.top=topposition+'px';msg.style.left=leftposition+'px';clearInterval(msg.timer);msg.timer=setInterval("top.message.show(1)",MSGTIMER);if(!autohide){autohide=MSGHIDE;}window.setTimeout("top.message.hide()",(autohide*5000));}32TLib.isEmail=function(val){if(/^\w+([\.-]?\w+)*@\w+([\.-]?\w+)*(\.\w{2,3})+$/.test(val)){return true;}return false;}
33TLib.isEmpty=function(val){return TLib.trim(val)=='';}
34TLib.isNumber=function(val){var reg=/^\d+$/;return (reg.test(val));}Implied eval. Consider passing a function instead of a string
28TLib.setFocus=function(id){if(!TLib.getObj(id)) return;TLib.getObj(id).focus();}
29TLib.getTopPosition=function(target){var top=0;if(target.offsetParent){while(1){top+=target.offsetTop;if(!target.offsetParent){break;}target=target.offsetParent;}}else if(target.y){top+=target.y;}return top;}
30TLib.getLeftPosition=function(target){var left=0;if(target.offsetParent){while(1){left+=target.offsetLeft;if(!target.offsetParent){break;}target=target.offsetParent;}}else if(target.x){left+=target.x;}return left;}
31TLib.showMessage=function(target,message,autohide){var msg;var msgcontent;if(!top.message){var MSGTIMER=10;var MSGSPEED=5;var MSGOFFSET=1;var MSGHIDE=2;msg=document.createElement('div');msg.id='msg';msgcontent=document.createElement('div');msgcontent.id='msgcontent';document.body.appendChild(msg);msg.appendChild(msgcontent);msg.style.filter='alpha(opacity=0)';msg.style.opacity=0;msg.alpha=0;top.message=msg;msg.show=function(flag){var value;if(flag==1){value=msg.alpha+MSGSPEED;}else{value=msg.alpha-MSGSPEED;}msg.alpha=value;msg.style.opacity=(value/100);msg.style.filter='alpha(opacity='+value+')';if(value>=99){clearInterval(msg.timer);msg.timer=null;}else if(value<=1){msg.style.display="none";clearInterval(msg.timer);}};msg.hide=function(){var msg=TLib.getObj('msg');if(msg){if(!msg.timer){msg.timer=setInterval("top.message.show(0)",MSGTIMER);}}}}else{msg=TLib.getObj('msg');msgcontent=TLib.getObj('msgcontent');}msgcontent.innerHTML=message;msg.style.display='block';var msgheight=msg.offsetHeight;var targetdiv=TLib.getObj(target);targetdiv.focus();var targetheight=targetdiv.offsetHeight;var targetwidth=targetdiv.offsetWidth;var topposition=TLib.getTopPosition(targetdiv)-((msgheight-targetheight)/2);var leftposition=TLib.getLeftPosition(targetdiv)+targetwidth+MSGOFFSET;msg.style.top=topposition+'px';msg.style.left=leftposition+'px';clearInterval(msg.timer);msg.timer=setInterval("top.message.show(1)",MSGTIMER);if(!autohide){autohide=MSGHIDE;}window.setTimeout("top.message.hide()",(autohide*5000));}32TLib.isEmail=function(val){if(/^\w+([\.-]?\w+)*@\w+([\.-]?\w+)*(\.\w{2,3})+$/.test(val)){return true;}return false;}
33TLib.isEmpty=function(val){return TLib.trim(val)=='';}
34TLib.isNumber=function(val){var reg=/^\d+$/;return (reg.test(val));}Implied eval. Consider passing a function instead of a string
28TLib.setFocus=function(id){if(!TLib.getObj(id)) return;TLib.getObj(id).focus();}
29TLib.getTopPosition=function(target){var top=0;if(target.offsetParent){while(1){top+=target.offsetTop;if(!target.offsetParent){break;}target=target.offsetParent;}}else if(target.y){top+=target.y;}return top;}
30TLib.getLeftPosition=function(target){var left=0;if(target.offsetParent){while(1){left+=target.offsetLeft;if(!target.offsetParent){break;}target=target.offsetParent;}}else if(target.x){left+=target.x;}return left;}
31TLib.showMessage=function(target,message,autohide){var msg;var msgcontent;if(!top.message){var MSGTIMER=10;var MSGSPEED=5;var MSGOFFSET=1;var MSGHIDE=2;msg=document.createElement('div');msg.id='msg';msgcontent=document.createElement('div');msgcontent.id='msgcontent';document.body.appendChild(msg);msg.appendChild(msgcontent);msg.style.filter='alpha(opacity=0)';msg.style.opacity=0;msg.alpha=0;top.message=msg;msg.show=function(flag){var value;if(flag==1){value=msg.alpha+MSGSPEED;}else{value=msg.alpha-MSGSPEED;}msg.alpha=value;msg.style.opacity=(value/100);msg.style.filter='alpha(opacity='+value+')';if(value>=99){clearInterval(msg.timer);msg.timer=null;}else if(value<=1){msg.style.display="none";clearInterval(msg.timer);}};msg.hide=function(){var msg=TLib.getObj('msg');if(msg){if(!msg.timer){msg.timer=setInterval("top.message.show(0)",MSGTIMER);}}}}else{msg=TLib.getObj('msg');msgcontent=TLib.getObj('msgcontent');}msgcontent.innerHTML=message;msg.style.display='block';var msgheight=msg.offsetHeight;var targetdiv=TLib.getObj(target);targetdiv.focus();var targetheight=targetdiv.offsetHeight;var targetwidth=targetdiv.offsetWidth;var topposition=TLib.getTopPosition(targetdiv)-((msgheight-targetheight)/2);var leftposition=TLib.getLeftPosition(targetdiv)+targetwidth+MSGOFFSET;msg.style.top=topposition+'px';msg.style.left=leftposition+'px';clearInterval(msg.timer);msg.timer=setInterval("top.message.show(1)",MSGTIMER);if(!autohide){autohide=MSGHIDE;}window.setTimeout("top.message.hide()",(autohide*5000));}32TLib.isEmail=function(val){if(/^\w+([\.-]?\w+)*@\w+([\.-]?\w+)*(\.\w{2,3})+$/.test(val)){return true;}return false;}
33TLib.isEmpty=function(val){return TLib.trim(val)=='';}
34TLib.isNumber=function(val){var reg=/^\d+$/;return (reg.test(val));}Implied eval. Consider passing a function instead of a string
112 this.clearMethod(name);
113 this.pendingCalls[name] = new FTB_TimeoutCall(obj,method,arg1,arg2);
114 this.pendingCalls[name].timeout =
115 setTimeout('FTB_Timeout.executeMethod("' + name + '");',delay);116};
117FTB_TimeoutManager.prototype.executeMethod = function(name) {
118 call = this.pendingCalls[name];
Description
It's considered a good practice to avoid using eval() in JavaScript.
There are security and performance implications involved with doing so.
However, there are some other ways to pass a string and have it interpreted as JavaScript code that have similar concerns.
One of the ways is by using setTimeout(), setInterval() or execScript() (Internet Explorer only), all of which can accept a string of JavaScript code as their first argument.
For example:
setTimeout("alert('Hi!');", 100);
This is considered an implied eval() because a string of JavaScript code is passed in to be interpreted.
The same can be done with setInterval() and execScript().
Both interpret the JavaScript code in the global scope. For both setTimeout() and setInterval(), the first argument can also be a function, and that is considered safer and is more performant:
setTimeout(function() {
alert("Hi!");
}, 100);
Therefore, the best practice is to always use a function for the first argument of setTimeout() and setInterval() (and avoid execScript()).
Bad Practice
setTimeout("alert('Hi!');", 100);
setInterval("alert('Hi!');", 100);
execScript("alert('Hi!')");
window.setTimeout("count = 5", 10);
window.setInterval("foo = bar", 10);
Recommended
setTimeout(function() {
alert("Hi!");
}, 100);
setInterval(function() {
alert("Hi!");
}, 100);