为什么eval()存在? [英] Why does eval() exist?
问题描述
许多程序员说使用 eval()函数是糟糕做法:
Many programmers say it is a bad practice to use the eval() function:
我想花一点时间来解决你的问题的前提 - eval()是邪恶的......
I'd like to take a moment to address the premise of your question - that eval() is "evil"...
Buggy evaled代码违反安全属性就像有缺陷的源代码一样容易......
Buggy evaled code can violate security properties just as easily as buggy source code...
您的安全性有多种方式可能会受到损害......
There are a number of ways that your security may be compromised...
Is there ever a good reason to use eval()?
是 - 当没有其他方法以合理的清晰度完成给定的任务时...这消除了使用eval的99%的情况......
Yes - when there is no other way to accomplish the given task with a reasonable level of clarity... This eliminates 99% of cases where eval is used...
eval的危险只会在你用alice写给bob的用户bob的脚本时显得很丑陋浏览器评估...
The danger of eval only rears its ugly head when you are serving a script written by alice to user bob for bob's browser to eval...
那么为什么它首先存在吗?
So why does it exist in the first place?
推荐答案
因为有时 需要。例如,在JavaScript中使用 eval 的所有相同原因可能与使用Java中的反射共享。
Because sometimes there is a need. All the same reasons for/against using eval in JavaScript can likely be shared with the use of reflection in Java, for example.
但是,我同意你在问题中引用的所有内容。使用它的许多原因都是不明智的,最好采用不同的方式 - 但有时,仍然需要,或者它只是其他可用替代品的最佳选择。 (我将重点关注有没有好的答案出于其他原因使用eval()?的原因。)
However, I agree with everything you quoted in your question. Many reasons for using it are ill-advised, and best done differently - but sometimes, there is still a need, or it is simply the "best choice" over other available alternatives. (I'd focus on the answers to Is there ever a good reason to use eval()? for additional reasons.)
+1给你的问题做好研究。
+1 to your question for good research.
这篇关于为什么eval()存在?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
