Javascript eval. Why is it insecure?


1

Well, I was reading about JavaScript's eval and came up with a lot of questions about it being insecure and about its scope.

Why is it insecure?

Why is it considered a third scope?

Why is it considered a way to create code dynamically? As I see it, everything in JS runs dynamically...

  • 2

    Related: https://answall.com/questions/128845/eval-%C3%A9-mocinho-ou-bandido

  • 1

    It will take any snippet of code and run it. If a drop database is sent to your server (and it accepts the command, of course), then it has lost everything. eval is very useful when you change a code snippet yourself, not so much when you try to interpret someone else’s code

  • I also often ask myself this question: how can eval be dangerous in JavaScript if it will be interpreted in the client’s browser anyway?

  • 1

    Imagine you’re on a page that has eval(data);. If data is the response of a web service and by chance it, instead of returning the data, returns "location.href='http://welcome.to.hell.com/'"; what do you think would be the consequence of this, on the internet in general and especially for those who enter this site, with this eval()?
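
The scenario in the last comment, as an added example that is not part of the original thread: the same response text handled once with `eval` and once with `JSON.parse` plus a shape check. The function names, the `{"name": ...}` response format and the local `location` object (a stand-in for the browser's, so the code runs in Node) are assumptions made for illustration.

```javascript
// Added example: all names and sample responses are constructed for illustration.

// Stand-in for a browser page, so this runs offline in Node.
function makePage() {
  return { location: { href: "https://example.test/app" }, rendered: null };
}

// Unsafe pattern from the comment: the response text is executed as code.
function handleWithEval(page, data) {
  const location = page.location; // local binding, visible to direct eval
  page.rendered = eval(data);     // direct eval runs inside this function's scope
  return page;
}

// Safer pattern: treat the response as data only, then validate its shape.
function handleWithParse(page, data) {
  let parsed;
  try {
    parsed = JSON.parse(data);    // throws on anything that is not JSON
  } catch (err) {
    return { ok: false, reason: "not valid JSON", page };
  }
  if (typeof parsed !== "object" || parsed === null ||
      typeof parsed.name !== "string") {
    return { ok: false, reason: "unexpected shape", page };
  }
  page.rendered = { name: parsed.name }; // copy only the expected field
  return { ok: true, page };
}

// Constructed sample responses: one expected, one taken from the comment above.
const GOOD = '{"name": "alice"}';
const BAD = "location.href='http://welcome.to.hell.com/'";

// Runs both handlers and reports where each one leaves the page.
function demo() {
  return {
    evalHref: handleWithEval(makePage(), BAD).location.href,
    parseBad: handleWithParse(makePage(), BAD),
    parseGood: handleWithParse(makePage(), GOOD),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

With `eval`, the response decides what the page does; with `JSON.parse`, the same text is rejected and the page stays where it was.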

No answers
