为什么使用JavaScript eval函数是一个坏主意？ [英] Why is using the JavaScript eval function a bad idea?

问题描述

eval函数是一种动态生成代码的强大而简单的方法，那么有什么警告呢？

The eval function is a powerful and easy way to dynamically generate code, so what are the caveats?

推荐答案

1. 错误使用 eval 会打开您的
   注射攻击代码

1. Improper use of eval opens up your code for injection attacks

调试可能更具挑战性
（无行号等）

Debugging can be more challenging (no line numbers, etc.)

评估代码执行速度较慢（没有机会编译/缓存评估代码）

eval'd code executes slower (no opportunity to compile/cache eval'd code)

编辑：正如@Jeff Walden在评论中指出的那样，＃3少了今天是真实的，而不是2008年。但是，虽然可能会发生一些编译脚本的缓存，但这仅限于在没有修改的情况下重复进行重复的脚本。更可能的情况是，您正在评估每次都经过轻微修改的脚本，因此无法缓存。我们只说一些eval'd代码执行得更慢。

As @Jeff Walden points out in comments, #3 is less true today than it was in 2008. However, while some caching of compiled scripts may happen this will only be limited to scripts that are eval'd repeated with no modification. A more likely scenario is that you are eval'ing scripts that have undergone slight modification each time and as such could not be cached. Let's just say that SOME eval'd code executes more slowly.

这篇关于为什么使用JavaScript eval函数是一个坏主意？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！