eval can be harmful.
4147 const sfid = $(e.target).parent().parent().parent()[0].id
4148 const click = $('#' + sfid).attr('data-nu-clickdelete')
4149
4150 eval(click)4151
4152 nuHasBeenEdited()
4153 nuCalculateForm()
eval can be harmful.
4041
4042 nuCalculateForm()
4043
4044 eval(fm.lookup_javascript)4045
4046 $('#dialogClose').click()
4047}
eval can be harmful.
2722 })
2723 }
2724
2725 eval(after)2726}
2727
2728function nuLabel (w, i, p, prop) {
eval can be harmful.
2664
2665 const nuCancel = false
2666
2667 eval(before)2668
2669 if (nuCancel) { return }
2670
eval can be harmful.
1702 }
1703
1704 if (s.substr(0, 1) + s.substr(-1) == '[]') {
1705 eval('a = ' + s)1706 }
1707
1708 $id.append('<option value=""></option>')
eval can be harmful.
923 if (obj.datalist !== null && obj.datalist !== '' && typeof obj.datalist !== 'undefined') {
924 let dl = obj.datalist
925 if (!$.isArray(dl)) dl = JSON.parse(dl)
926 if (!$.isArray(dl)) dl = eval(dl) 927 nuAddDatalist($id.attr('id'), dl)
928 }
929}
eval can be harmful.
444 let js = obj.js[j].js
445 js = js.replaceAll('(this)', '("#' + obj.id + '")')
446 js = js.replaceAll('this.', obj.id + '.')
447 eval(js) 448 }
449 }
450 }
eval can be harmful.
4255 const v = 0
4256
4257 if (formula != '') {
4258 eval('var v = ' + formula)4259 }
4260
4261 const fixed = nuFORM.addFormatting(v, fmt)
eval can be harmful.
1430 const obj = document.getElementById(i)
1431 if (obj === null) return
1432
1433 a = eval(a)1434
1435 if (a === undefined || a === '' || a.length === 0) { return }
1436
eval can be harmful.
176 const attrValue = $input.attr('time:' + attrName)
177 if (attrValue) {
178 try {
179 inlineSettings[attrName] = eval(attrValue) 180 } catch (err) {
181 inlineSettings[attrName] = attrValue
182 }
eval can be harmful.
255 $('#openlayersmap').empty()
256 /* TODO: the gis_data_editor should rather return JSON than JS code to eval */
257 // eslint-disable-next-line no-eval
258 eval(data.openLayers)259 initGISEditorVisualization()
260 } else {
261 Functions.ajaxShowMessage(data.error, false)
eval can be harmful.
3659 $container.removeClass('isActive')
3660 })
3661 // eslint-disable-next-line no-eval
3662 eval(callback)3663 } else {
3664 Functions.ajaxShowMessage(data.error, false)
3665 $container.removeClass('isActive')
Description
JavaScript's eval()
function is potentially dangerous and is often misused.
Using eval()
on untrusted code can open a program up to several different injection attacks.
The use of eval()
in most contexts can be substituted for a better, alternative approach to the problem.
Bad Practice
const obj = { x: "foo" }
const key = "x"
const value = eval("obj." + key);
(0, eval)("var a = 0");
const foo = eval;
foo("var a = 0");
// This `this` is the global object.
this.eval("var a = 0");
Recommended
const obj = { x: "foo" },
key = "x",
value = obj[key];
class A {
foo() {
// This is a user-defined method.
this.eval("var a = 0");
}
eval() { /* ... * / }
}