
What uses of eval() (or the indirect eval/execScript()) are legitimate? [duplicate]

This question already has answers here: When is JavaScript's eval() not evil? (27 answers) Closed 1 year ago.

I have never encountered a situation where I needed eval().

Often times, people say that the [] property accessor makes eval() redundant.

Actually, isn't the execution of a plain statement exactly the same thing as pushing it as an argument into the eval() function? What is it actually used for?

Can you provide examples of when it might be useful to use eval()?


eval is something of a hybrid between an expression evaluator and a statement executor. It returns the result of the last expression evaluated (all statements are expressions in JavaScript), and allows the final semicolon to be left off.

Example as an expression evaluator:

foo = 2;
alert(eval('foo + 2'));

Example as a statement executor:

foo = 2;
eval('foo = foo + 2;alert(foo);');

One use of JavaScript's eval is to parse JSON text, perhaps as part of an Ajax framework. However, modern browsers provide JSON.parse as a more secure alternative for this task.

source

With that in mind, the only real reason I can see you wanting to use eval() is for executing user input... but that leads to serious security risks... so in short I would say eval() (in JavaScript at least) has become a moot function; replaced by the many specific functions that would have invoked you to use eval() in the past.

Another idea: you could possibly use it to execute pure JS being returned by Ajax.

Your server could pass back a string containing "alert('hello world');" and you could eval(returnData);.


Take your favourite JavaScript library and grep for uses of eval. Hopefully your library is made by knowledgeable people and the only cases of eval are the kind of good example you are looking for.

I looked in the Dojo Toolkit and one of the evals there is in the module loader (it apparently has a mode that does an AJAX request for the missing module and evals to execute the code instead of creating a script tag).


The most common situation where I find the need to use eval is when I get a JSON string that I want to use as an object.

var obj = eval('('+jsonString+')');
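
Added example (not part of the answer above, nor code from any library named on this page): the eval pattern shown above compared with JSON.parse on the same two strings. The names parseWithEval, parseStrict, probe and the marker __sideEffect are hypothetical, and both input strings are constructed for illustration.

```javascript
// The pattern from the answer above: the string is run as JavaScript source.
function parseWithEval(text) {
  return eval('(' + text + ')');
}

// JSON.parse accepts only the JSON grammar; anything else throws SyntaxError.
function parseStrict(text) {
  return JSON.parse(text);
}

// Runs a parser and reports the outcome plus whether the input managed to
// execute code, observed through a marker on globalThis (hypothetical name).
function probe(parser, text) {
  globalThis.__sideEffect = false;
  try {
    const value = parser(text);
    return { ok: true, value, codeRan: globalThis.__sideEffect };
  } catch (err) {
    return { ok: false, error: err.name, codeRan: globalThis.__sideEffect };
  }
}

// Constructed input 1: well-formed JSON.
const wellFormed = '{"user": "alice", "admin": false}';
// Constructed input 2: not JSON. The "admin" value is an assignment
// expression, which is valid inside a JavaScript object literal.
const notJson = '{"user": "alice", "admin": (globalThis.__sideEffect = true)}';

const results = {
  evalGood: probe(parseWithEval, wellFormed),
  strictGood: probe(parseStrict, wellFormed),
  evalBad: probe(parseWithEval, notJson),   // accepted, and the expression ran
  strictBad: probe(parseStrict, notJson),   // rejected before anything ran
};

console.log(results);
```

With eval, the second string is accepted and its embedded expression both runs and decides the value of "admin"; JSON.parse rejects the same string with a SyntaxError.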


I don't know about legitimate, but this is how jQuery uses eval:

globalEval: function( data ) {
    if ( data && rnotwhite.test( data ) ) {
        // We use execScript on Internet Explorer
        // We use an anonymous function so that context is window
        // rather than jQuery in Firefox
        ( window.execScript || function( data ) {
            window[ "eval" ].call( window, data );
        } )( data );
    }
},


I don't know how terrible or otherwise this is, but I used it to run scripts inside dynamically loaded HTML templates, as those aren't automatically run.

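// Runs every inline <script type="application/javascript"> found in container.
var evaluateScripts = function(container) {
    var scripts, i;
    scripts = container.querySelectorAll("script[type='application/javascript']");
    for (i = 0; i < scripts.length; i++) {
        // The script text is executed as code, so the template must be trusted.
        eval(scripts[i].innerHTML);
    }
};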