eval can be harmful.
962 if (obj.datalist !== null && obj.datalist !== '' && typeof obj.datalist !== 'undefined') {
963 let dl = obj.datalist
964 if (!$.isArray(dl)) dl = JSON.parse(dl)
965 if (!$.isArray(dl)) dl = eval(dl) 966 nuAddDatalist(inp.id, dl)
967 }
968}
eval can be harmful.
467 .replaceAll('(this)', `("#${obj.id}")`)
468 .replaceAll('this.', `${obj.id}.`)
469
470 eval(modifiedJS) 471 }
472 }
473 }
eval can be harmful.
1679 }
1680
1681 if (s.substr(0, 1) + s.substr(-1) == '[]') {
1682 eval('a = ' + s)1683 }
1684
1685 $sel.append('<option value=""></option>')
eval can be harmful.
2698
2699 const nuCancel = false
2700
2701 eval(before)2702
2703 if (nuCancel) { return }
2704
eval can be harmful.
2756 })
2757 }
2758
2759 eval(after)2760}
2761
2762function nuLabelGetValidationClass (validationId) {
eval can be harmful.
4232
4233 nuCalculateForm()
4234
4235 eval(fm.lookup_javascript)4236
4237 $('#dialogClose').click()
4238
eval can be harmful.
4346 const sfid = $(e.target).parent().parent().parent()[0].id
4347 const click = $('#' + sfid).attr('data-nu-clickdelete')
4348
4349 eval(click)4350
4351 nuHasBeenEdited()
4352 nuCalculateForm()
eval can be harmful.
1428 const obj = document.getElementById(i)
1429 if (obj === null) return
1430
1431 a = eval(a)1432
1433 if (a === undefined || a === '' || a.length === 0) { return }
1434
Description
JavaScript's eval()
function is potentially dangerous and is often misused.
Using eval()
on untrusted code can open a program up to several different injection attacks.
The use of eval()
in most contexts can be substituted for a better, alternative approach to the problem.
Bad Practice
const obj = { x: "foo" }
const key = "x"
const value = eval("obj." + key);
(0, eval)("var a = 0");
const foo = eval;
foo("var a = 0");
// This `this` is the global object.
this.eval("var a = 0");
Recommended
const obj = { x: "foo" },
key = "x",
value = obj[key];
class A {
foo() {
// This is a user-defined method.
this.eval("var a = 0");
}
eval() { /* ... * / }
}