eval can be harmful.
446 .replaceAll('(this)', `("#${obj.id}")`)
447 .replaceAll('this.', `${obj.id}.`)
448
449 eval(modifiedJS) 450 }
451 }
452 }
eval can be harmful.
941 if (obj.datalist !== null && obj.datalist !== '' && typeof obj.datalist !== 'undefined') {
942 let dl = obj.datalist
943 if (!$.isArray(dl)) dl = JSON.parse(dl)
944 if (!$.isArray(dl)) dl = eval(dl) 945 nuAddDatalist($id.attr('id'), dl)
946 }
947}
eval can be harmful.
1654 }
1655
1656 if (s.substr(0, 1) + s.substr(-1) == '[]') {
1657 eval('a = ' + s)1658 }
1659
1660 $sel.append('<option value=""></option>')
eval can be harmful.
2673
2674 const nuCancel = false
2675
2676 eval(before)2677
2678 if (nuCancel) { return }
2679
eval can be harmful.
2731 })
2732 }
2733
2734 eval(after)2735}
2736
2737function nuLabelGetValidationClass (validationId) {
eval can be harmful.
4204
4205 nuCalculateForm()
4206
4207 eval(fm.lookup_javascript)4208
4209 $('#dialogClose').click()
4210
eval can be harmful.
4318 const sfid = $(e.target).parent().parent().parent()[0].id
4319 const click = $('#' + sfid).attr('data-nu-clickdelete')
4320
4321 eval(click)4322
4323 nuHasBeenEdited()
4324 nuCalculateForm()
eval can be harmful.
1425 const obj = document.getElementById(i)
1426 if (obj === null) return
1427
1428 a = eval(a)1429
1430 if (a === undefined || a === '' || a.length === 0) { return }
1431
eval can be harmful.
322 if (nuDisplayError(fm)) { return };
323
324 window.nuSERVERRESPONSE_HIDDEN = fm
325 eval(fm.callback + ';')326 }
327
328 nuAjax(last, successCallback)
Description
JavaScript's `eval()` function is potentially dangerous and is often misused.
Using `eval()` on untrusted code can open a program up to several different injection attacks.
In most contexts, `eval()` can be replaced with a better alternative, for example bracket notation for dynamic property access or `JSON.parse` for data.
Bad Practice
// Anti-pattern examples: every call below hands a string to the built-in
// eval(), which executes it as program code.
const obj = { x: "foo" }
const key = "x"
// Direct eval on concatenated text: whatever `key` contains becomes part of
// the evaluated source, so a value from outside the program is run as code.
const value = eval("obj." + key);
// Indirect eval through the comma operator: still the built-in eval, with the
// string evaluated in global scope instead of the local one.
(0, eval)("var a = 0");
// Aliasing eval under another name is also an indirect call to the same
// function; renaming it does not make the call any safer.
const foo = eval;
foo("var a = 0");
// This `this` is the global object.
// (So `this.eval` resolves to the built-in eval as well.)
this.eval("var a = 0");
Recommended
// Recommended: look the property up with bracket notation, so `key` is only
// ever treated as a property name and never compiled as source text.
// When `key` can come from untrusted input, confirm it first with
// Object.hasOwn(obj, key) so inherited members such as `constructor` or
// `__proto__` are not returned.
const obj = { x: "foo" };
const key = "x";
const value = obj[key];
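/**
 * Recommended example: `eval` here is a method the class defines itself, so
 * `this.eval(...)` inside the class never reaches the built-in eval().
 */
class A {
  /** Calls the class's own `eval` method; the string is not executed. */
  foo() {
    // This is a user-defined method.
    this.eval("var a = 0");
  }

  // User-defined method that only shares its name with the global function.
  // (The comment terminator was garbled as `* /` in the original, which left
  // the block comment unclosed and the example unparseable.)
  eval() { /* ... */ }
}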