1
Well, I was reading about eval
Javascript and I came across a lot of questions in my brain in which it involves about it being insecure and scope.
Because he is insecure?
Why is considered a third scope?
Why is it considered a way to create codes dynamically? to my see all in JS and run dynamically...
Relacionados: https://answall.com/questions/128845/eval-%C3%A9-mocinho-ou-bandido
– hkotsubo
It will take any snippet of code and run. If there is one
drop database
being sent to your server (and he accepts the command, of course), so he lost everything. Theeval
is very useful when you even change a code snippet yourself, not so much when you try to interpret another’s code– Jefferson Quesado
I also often ask myself this question sometimes: How can the
eval
dangerous in Javascript, and anyway it will be interpreted in the client’s browser?– Wallace Maxters
Imagine you’re on a page that has
eval(data);
. Ifdata
is the answer of a webservice and by chance he, instead of returning the data, return"location.href='http://welcome.to.hell.com/'"
; what do you think would be the consequence of this, on the internet in general and especially for those who enter this site, with thiseval()
?– Marcelo Shiniti Uchimura