Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

0 votes
428 views
in Technique by (71.8m points)

javascript - Why is using the JavaScript eval function a bad idea?

The eval function is a powerful and easy way to dynamically generate code, so what are the caveats?

  asked by Brian Singh, translated from SO


1 Answer

0 votes
by (71.8m points)
  1. Improper use of eval opens up your code for injection attacks
  2. Debugging can be more challenging (no line numbers, etc.)
  3. eval'd code executes slower (no opportunity to compile/cache eval'd code)

Edit: As @Jeff Walden points out in comments, #3 is less true today than it was in 2008. However, while some caching of compiled scripts may happen, this will only be limited to scripts that are eval'd repeatedly with no modification.

A more likely scenario is that you are eval'ing scripts that have undergone slight modification each time and as such could not be cached.

Let's just say that SOME eval'd code executes more slowly.
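
The injection risk in point 1 of the answer above, shown as an added example that is not part of the original answer or post: the same settings string parsed with eval, then with JSON.parse plus an allowlist. The names parseSettingsWithEval, parseSettingsSafely, auditTrail and both sample inputs are constructed for illustration.

```javascript
// Constructed inputs: one JSON document, and one string that is a valid
// JavaScript expression (it calls a function in scope) but is not JSON.
const benignInput = '{"theme": "dark", "fontSize": 14}';
const hostileInput = '(auditTrail.push("caller-supplied code ran"), {"theme": "dark"})';

// Stands in for anything code inside eval can reach: variables, DOM, cookies.
const auditTrail = [];

// Before: eval treats the text as a program, so whatever it contains runs
// with access to the surrounding scope.
function parseSettingsWithEval(text) {
  return eval('(' + text + ')');
}

// After: JSON.parse accepts data only, and the result is checked against an
// allowlist of expected keys and types before it is used.
const ALLOWED_FIELDS = { theme: 'string', fontSize: 'number' };

function parseSettingsSafely(text) {
  let parsed;
  try {
    parsed = JSON.parse(text);
  } catch (err) {
    return { ok: false, error: 'not valid JSON' };
  }
  if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) {
    return { ok: false, error: 'expected a JSON object' };
  }
  const settings = {};
  for (const [key, value] of Object.entries(parsed)) {
    const expected = Object.prototype.hasOwnProperty.call(ALLOWED_FIELDS, key)
      ? ALLOWED_FIELDS[key] : null;
    if (typeof value !== expected) {
      return { ok: false, error: 'unexpected field or type: ' + key };
    }
    settings[key] = value;
  }
  return { ok: true, settings };
}

parseSettingsWithEval(hostileInput);
console.log('after eval:', auditTrail);
console.log('safe, hostile:', parseSettingsSafely(hostileInput));
console.log('safe, benign:', parseSettingsSafely(benignInput));
```

The eval version returns a normal-looking settings object for the hostile string, so the caller sees no sign that embedded code ran.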

