对不起...关于eval（）的另一个问题 [英] Sorry... another question about eval()

问题描述

我已经阅读了很多关于在Javascript中使用eval（）的帖子，而我/ b $ b同意它的使用是有问题的。但它确实提出以下问题

问题：


在使用eval（）之前字符串需要多么随意？
执行它需要
？


鉴于以下代码，我能够评估/执行大多数表达式

喜欢：" ; abcd（）"


var aPart = sExpression.split（"。"）;

var oContext = window;

var i = 0;

var iSize = aPath.length - 1;


while（i< iSize&&（oContext = oContext [aPart [i ++]]））{}


//执行函数

oContext [aPart [i] .replace（/ \（\\ \\）/，""）]（）;


但是给定一个更复杂的表达式，使用eval（）是否合理？

For例如， ：" ab（cd（））"


有什么想法吗？


Steve

解决方案

sn **** @ mxlogic.com 在2005年8月12日下午4:31发表以下内容：

我已经阅读了很多帖子在Javascript中使用eval（），我同意它的使用是有问题的。


这是值得怀疑的。你使用eval的99％（可能更多）使用

在脚本编写中直接归因于

写的人的无能。

但它确实提出了以下问题：

在使用eval（）执行它之前，字符串需要多么随意？

任意无所谓。重要的是你是否知道字符串，

及其内容，在运行时与否。 eval'的用途是在运行时执行

未知的代码。


-

Randy

comp.lang.javascript常见问题 - http://jibbering.com/faq &安培;新闻组周刊

原帖中提出的问题似乎更具学术性。密钥

短语是任意的，可能暗示字符串具有未知的复杂性。鉴于这种情况，是否应该使用eval（）？

st ******** @ gmail.com 在2005年8月12日下午5:37发表以下内容：

提出的问题原帖似乎更具学术性。


什么原始帖子？那个你不打算引用任何东西的那个？


< URL： http://jibbering.com/faq/#FAQ2_3 >


"回复群组修剪报价时的消息根据FYI28 / RFC1855（绝不是最高职位），将之前的

消息发送到所需的最低要求，并在相关的

部分的引用材料下添加您的评论。

关键短语是任意，可能暗示字符串具有未知的复杂性。


如何采取书面文字是读者的想法，而不是

作家。这意味着你所阅读和得出的东西不是别人可能从中得到的东西。


这是一个问题：

< quote>

"在使用eval（）之前，字符串需要多么随意？

执行它？"

< / quote>


答案保持不变：


< quote cite ="回答>

任意无所谓。重要的是你是否知道字符串，

及其内容，在运行时与否。 eval'的用途是在运行时执行
未知的代码。

< / quote>

鉴于这种情况，应该是eval （）使用？

只有在没有其他办法的情况下才能这样做，而这直接取决于代码是什么。这个答案很简单并不是一个简单的问题，因为你似乎想要做到这一点。


但一般来说，答案是否定的。所有其他补救措施/尝试都用完之前不要使用eval。


-

Randy

comp.lang.javascript常见问题 - http://jibbering.com/faq&新闻组周刊

I have read a number of posts on the use of eval() in Javascript, and I
agree that its use is questionable. But it does beg the following
question:

"How arbitrary does a string need to be before the use of eval() is
required to execute it?"

Given the following code, I''m able to evaluate/execute most expressions
like: "a.b.c.d()"

var aPart = sExpression.split(".");
var oContext = window;
var i = 0;
var iSize = aPath.length - 1;

while (i < iSize && (oContext = oContext[aPart[i++]])) { }

// execute the function
oContext[aPart[i].replace(/\(\)/, "")]();

But given a more complex expression, is the use of eval() justified?
For example, what about: "a.b(c.d())"

Any thoughts?

Steve

解决方案

sn****@mxlogic.com said the following on 8/12/2005 4:31 PM:

I have read a number of posts on the use of eval() in Javascript, and I
agree that its use is questionable.
It''s beyond questionable. 99% (probably more) of the uses of eval you
see in scripting is due directly to the incompetence of the person who
wrote it.
But it does beg the following question:

"How arbitrary does a string need to be before the use of eval() is
required to execute it?"

Arbitrary doesn''t matter. What matters is whether you know the string,
and it''s content, at runtime or not. eval''s use is to execute code that
is unknown at runtime.

--
Randy
comp.lang.javascript FAQ - http://jibbering.com/faq & newsgroup weekly

The question posed in the original post seems more academic. The key
phrase is "arbitrary", possibly implying the string has unknown
complexity. Given this scenario, should eval() be used?

st********@gmail.com said the following on 8/12/2005 5:37 PM:

The question posed in the original post seems more academic.
What original post? The one you didn''t bother to quote anything about?

<URL: http://jibbering.com/faq/#FAQ2_3 >

"When replying to a message on the group trim quotes of the preceding
messages to the minimum needed and add your comments below the pertinent
section of quoted material, as per FYI28/RFC1855 (never top post). "
The key phrase is "arbitrary", possibly implying the string has unknown
complexity.
How written words are taken is in the mind of the reader, not the
writer. It means that what you read and get out of something is not what
someone else may get from it.

This was the question:
<quote>
"How arbitrary does a string need to be before the use of eval() is
required to execute it?"
</quote>

And the answer remains the same:

<quote cite="answer">
Arbitrary doesn''t matter. What matters is whether you know the string,
and it''s content, at runtime or not. eval''s use is to execute code that
is unknown at runtime.
</quote>
Given this scenario, should eval() be used?

Only if there is no other way to do it, and that depends directly on
what the code is. It is not a simple question with a simple answer as
you seem to be trying to make it.

But generally, the answer is no. Do NOT use eval until every, any and
all other remedies/attempts are exhausted.

--
Randy
comp.lang.javascript FAQ - http://jibbering.com/faq & newsgroup weekly

这篇关于对不起...关于eval（）的另一个问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！