// Webpack JSONP chunk 1738: pushes module 2146 onto window.webpackJsonp.
// The module calls s.r(a) (in webpack runtimes this presumably flags the exports
// object as an ES module; confirm), loads module 31, and passes a render function
// to Object(e.a)(...) (presumably vue-loader's component normalizer; confirm
// against the build). The resulting component is exported as a.default.
//
// The render function emits static documentation markup for the page
// "Evaluating JavaScript": headings, paragraphs, syntax-highlighted <pre> blocks,
// a parameter table and three outbound links. The root element is a
// ContentSlotsDistributor whose slot-key is read from t.$parent.slotKey.
//
// Reviewer notes:
// - Every `eval(...)` in this chunk sits inside a string literal handed to t._v
//   (presumably the text-vnode helper), so it is rendered as page text; the chunk
//   itself never calls eval.
// - The page's samples evaluate only constant strings. The risk described in its
//   Remarks section arises when the evaluated string can be influenced by another
//   party. The sample string under "Evaluate a string of JavaScript statements"
//   also assigns `z` without declaring it, which creates a global in sloppy mode.
// - Outbound links carry target="_blank" together with rel="noopener noreferrer".
//   Two of them (stackoverflow.com, security.stackexchange.com) still use http://.
// - In this copy several string literals contain raw line breaks (for example
//   inside class:"token punctuation" and the '"..."' literals of the math sample).
//   A quoted JS string cannot span lines, so the text as shown will likely not
//   parse. This is presumably an extraction artifact; compare with the build output.
(window.webpackJsonp=window.webpackJsonp||[]).push([[1738],{2146:function(t,a,s){"use strict";s.r(a);var e=s(31),r=Object(e.a)({},(function(){var t=this,a=t.$createElement,s=t._self._c||a;return s("ContentSlotsDistributor",{attrs:{"slot-key":t.$parent.slotKey}},[s("h1",{attrs:{id:"evaluating-javascript"}},[s("a",{staticClass:"header-anchor",attrs:{href:"#evaluating-javascript"}},[t._v("#")]),t._v(" Evaluating JavaScript")]),t._v(" "),s("p",[t._v("In JavaScript, the "),s("code",[t._v("eval")]),t._v(" function evaluates a string as if it were JavaScript code. The return value is the result of the evaluated string, e.g. "),s("code",[t._v("eval('2 + 2')")]),t._v(" returns "),s("code",[t._v("4")]),t._v(".")]),t._v(" "),s("p",[s("code",[t._v("eval")]),t._v(" is available in the global scope. The lexical scope of the evaluation is the local scope unless invoked indirectly (e.g. "),s("code",[t._v("var geval = eval; geval(s);")]),t._v(").")]),t._v(" "),s("p",[s("strong",[t._v("The use of "),s("code",[t._v("eval")]),t._v(" is strongly discouraged.")]),t._v(" See the Remarks section for details.")]),t._v(" "),s("h2",{attrs:{id:"introduction"}},[s("a",{staticClass:"header-anchor",attrs:{href:"#introduction"}},[t._v("#")]),t._v(" Introduction")]),t._v(" "),s("p",[t._v("You can always run JavaScript from inside itself, although this is "),s("strong",[t._v("strongly discouraged")]),t._v(" due to the security vulnerabilities it presents (see Remarks for details).")]),t._v(" "),s("p",[t._v("To run JavaScript from inside JavaScript, simply use the below function:")]),t._v(" "),s("div",{staticClass:"language-js extra-class"},[s("pre",{pre:!0,attrs:{class:"language-js"}},[s("code",[s("span",{pre:!0,attrs:{class:"token function"}},[t._v("eval")]),s("span",{pre:!0,attrs:{class:"token punctuation"}},[t._v("(")]),s("span",{pre:!0,attrs:{class:"token string"}},[t._v("\"var a = 'Hello, World!'\"")]),s("span",{pre:!0,attrs:{class:"token 
punctuation"}},[t._v(")")]),s("span",{pre:!0,attrs:{class:"token punctuation"}},[t._v(";")]),t._v("\n\n")])])]),s("h2",{attrs:{id:"evaluation-and-math"}},[s("a",{staticClass:"header-anchor",attrs:{href:"#evaluation-and-math"}},[t._v("#")]),t._v(" Evaluation and Math")]),t._v(" "),s("p",[t._v("You can set a variable to something with the "),s("code",[t._v("eval()")]),t._v(" function by using something similar to the below code:")]),t._v(" "),s("div",{staticClass:"language-js extra-class"},[s("pre",{pre:!0,attrs:{class:"language-js"}},[s("code",[s("span",{pre:!0,attrs:{class:"token keyword"}},[t._v("var")]),t._v(" x "),s("span",{pre:!0,attrs:{class:"token operator"}},[t._v("=")]),t._v(" "),s("span",{pre:!0,attrs:{class:"token number"}},[t._v("10")]),s("span",{pre:!0,attrs:{class:"token punctuation"}},[t._v(";")]),t._v("\n"),s("span",{pre:!0,attrs:{class:"token keyword"}},[t._v("var")]),t._v(" y "),s("span",{pre:!0,attrs:{class:"token operator"}},[t._v("=")]),t._v(" "),s("span",{pre:!0,attrs:{class:"token number"}},[t._v("20")]),s("span",{pre:!0,attrs:{class:"token punctuation"}},[t._v(";")]),t._v("\n"),s("span",{pre:!0,attrs:{class:"token keyword"}},[t._v("var")]),t._v(" a "),s("span",{pre:!0,attrs:{class:"token operator"}},[t._v("=")]),t._v(" "),s("span",{pre:!0,attrs:{class:"token function"}},[t._v("eval")]),s("span",{pre:!0,attrs:{class:"token punctuation"}},[t._v("(")]),s("span",{pre:!0,attrs:{class:"token string"}},[t._v('"x * y"')]),s("span",{pre:!0,attrs:{class:"token punctuation"}},[t._v(")")]),t._v(" "),s("span",{pre:!0,attrs:{class:"token operator"}},[t._v("+")]),t._v(" "),s("span",{pre:!0,attrs:{class:"token string"}},[t._v('"
"')]),s("span",{pre:!0,attrs:{class:"token punctuation"}},[t._v(";")]),t._v("\n"),s("span",{pre:!0,attrs:{class:"token keyword"}},[t._v("var")]),t._v(" b "),s("span",{pre:!0,attrs:{class:"token operator"}},[t._v("=")]),t._v(" "),s("span",{pre:!0,attrs:{class:"token function"}},[t._v("eval")]),s("span",{pre:!0,attrs:{class:"token punctuation"}},[t._v("(")]),s("span",{pre:!0,attrs:{class:"token string"}},[t._v('"2 + 2"')]),s("span",{pre:!0,attrs:{class:"token punctuation"}},[t._v(")")]),t._v(" "),s("span",{pre:!0,attrs:{class:"token operator"}},[t._v("+")]),t._v(" "),s("span",{pre:!0,attrs:{class:"token string"}},[t._v('"
"')]),s("span",{pre:!0,attrs:{class:"token punctuation"}},[t._v(";")]),t._v("\n"),s("span",{pre:!0,attrs:{class:"token keyword"}},[t._v("var")]),t._v(" c "),s("span",{pre:!0,attrs:{class:"token operator"}},[t._v("=")]),t._v(" "),s("span",{pre:!0,attrs:{class:"token function"}},[t._v("eval")]),s("span",{pre:!0,attrs:{class:"token punctuation"}},[t._v("(")]),s("span",{pre:!0,attrs:{class:"token string"}},[t._v('"x + 17"')]),s("span",{pre:!0,attrs:{class:"token punctuation"}},[t._v(")")]),t._v(" "),s("span",{pre:!0,attrs:{class:"token operator"}},[t._v("+")]),t._v(" "),s("span",{pre:!0,attrs:{class:"token string"}},[t._v('"
"')]),s("span",{pre:!0,attrs:{class:"token punctuation"}},[t._v(";")]),t._v("\n\n"),s("span",{pre:!0,attrs:{class:"token keyword"}},[t._v("var")]),t._v(" res "),s("span",{pre:!0,attrs:{class:"token operator"}},[t._v("=")]),t._v(" a "),s("span",{pre:!0,attrs:{class:"token operator"}},[t._v("+")]),t._v(" b "),s("span",{pre:!0,attrs:{class:"token operator"}},[t._v("+")]),t._v(" c"),s("span",{pre:!0,attrs:{class:"token punctuation"}},[t._v(";")]),t._v("\n\n")])])]),s("p",[t._v("The result, stored in the variable "),s("code",[t._v("res")]),t._v(", will be:")]),t._v(" "),s("blockquote"),t._v(" "),s("p",[t._v("200"),s("br"),t._v("4"),s("br"),t._v("27")]),t._v(" "),s("p",[s("strong",[t._v("The use of "),s("code",[t._v("eval")]),t._v(" is strongly discouraged.")]),t._v(" See the Remarks section for details.")]),t._v(" "),s("h2",{attrs:{id:"evaluate-a-string-of-javascript-statements"}},[s("a",{staticClass:"header-anchor",attrs:{href:"#evaluate-a-string-of-javascript-statements"}},[t._v("#")]),t._v(" Evaluate a string of JavaScript statements")]),t._v(" "),s("div",{staticClass:"language-js extra-class"},[s("pre",{pre:!0,attrs:{class:"language-js"}},[s("code",[s("span",{pre:!0,attrs:{class:"token keyword"}},[t._v("var")]),t._v(" x "),s("span",{pre:!0,attrs:{class:"token operator"}},[t._v("=")]),t._v(" "),s("span",{pre:!0,attrs:{class:"token number"}},[t._v("5")]),s("span",{pre:!0,attrs:{class:"token punctuation"}},[t._v(";")]),t._v("\n"),s("span",{pre:!0,attrs:{class:"token keyword"}},[t._v("var")]),t._v(" str "),s("span",{pre:!0,attrs:{class:"token operator"}},[t._v("=")]),t._v(" "),s("span",{pre:!0,attrs:{class:"token string"}},[t._v("\"if (x == 5) {console.log('z is 42'); z = 42;} else z = 0; \"")]),s("span",{pre:!0,attrs:{class:"token punctuation"}},[t._v(";")]),t._v("\n\nconsole"),s("span",{pre:!0,attrs:{class:"token punctuation"}},[t._v(".")]),s("span",{pre:!0,attrs:{class:"token function"}},[t._v("log")]),s("span",{pre:!0,attrs:{class:"token 
punctuation"}},[t._v("(")]),s("span",{pre:!0,attrs:{class:"token string"}},[t._v('"z is "')]),s("span",{pre:!0,attrs:{class:"token punctuation"}},[t._v(",")]),t._v(" "),s("span",{pre:!0,attrs:{class:"token function"}},[t._v("eval")]),s("span",{pre:!0,attrs:{class:"token punctuation"}},[t._v("(")]),t._v("str"),s("span",{pre:!0,attrs:{class:"token punctuation"}},[t._v(")")]),s("span",{pre:!0,attrs:{class:"token punctuation"}},[t._v(")")]),s("span",{pre:!0,attrs:{class:"token punctuation"}},[t._v(";")]),t._v("\n\n")])])]),s("p",[s("strong",[t._v("The use of "),s("code",[t._v("eval")]),t._v(" is strongly discouraged.")]),t._v(" See the Remarks section for details.")]),t._v(" "),s("h4",{attrs:{id:"syntax"}},[s("a",{staticClass:"header-anchor",attrs:{href:"#syntax"}},[t._v("#")]),t._v(" Syntax")]),t._v(" "),s("ul",[s("li",[t._v("eval(string);")])]),t._v(" "),s("h4",{attrs:{id:"parameters"}},[s("a",{staticClass:"header-anchor",attrs:{href:"#parameters"}},[t._v("#")]),t._v(" Parameters")]),t._v(" "),s("table",[s("thead",[s("tr",[s("th",[t._v("Parameter")]),t._v(" "),s("th",[t._v("Details")])])]),t._v(" "),s("tbody",[s("tr",[s("td",[t._v("string")]),t._v(" "),s("td",[t._v("The JavaScript to be evaluated.")])])])]),t._v(" "),s("h4",{attrs:{id:"remarks"}},[s("a",{staticClass:"header-anchor",attrs:{href:"#remarks"}},[t._v("#")]),t._v(" Remarks")]),t._v(" "),s("p",[s("strong",[t._v("The use of "),s("code",[t._v("eval")]),t._v(" is strongly discouraged; in many scenarios it presents a security vulnerability.")])]),t._v(" "),s("blockquote"),t._v(" "),s("p",[t._v("eval() is a dangerous function, which executes the code it's passed with the privileges of the caller. If you run eval() with a string that could be affected by a malicious party, you may end up running malicious code on the user's machine with the permissions of your webpage / extension. 
More importantly, third party code can see the scope in which eval() was invoked, which can lead to possible attacks in ways to which the similar Function is not susceptible.\n"),s("a",{attrs:{href:"https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval#Don%27t_use_eval_needlessly!",target:"_blank",rel:"noopener noreferrer"}},[t._v("MDN JavaScript Reference"),s("OutboundLink")],1)]),t._v(" "),s("p",[t._v("Additionally:")]),t._v(" "),s("ul",[s("li",[s("a",{attrs:{href:"http://stackoverflow.com/questions/18189496/exploiting-javascripts-eval-method",target:"_blank",rel:"noopener noreferrer"}},[t._v("Exploiting JavaScript's eval() method"),s("OutboundLink")],1)]),t._v(" "),s("li",[s("a",{attrs:{href:"http://security.stackexchange.com/questions/94017/what-are-the-security-issues-with-eval-in-javascript",target:"_blank",rel:"noopener noreferrer"}},[t._v("What are the security issues with “eval()” in JavaScript?"),s("OutboundLink")],1)])])])}),[],!1,null,null,null);a.default=r.exports}}]);