How to Evaluate String Formulas in JavaScript Without Using eval()?

Calculating String Values in JavaScript without eval()

Evaluating strings containing formulas is a common task in programming. While JavaScript offers the eval() function for such purposes, it presents security risks and is generally discouraged. Here's an alternative approach to calculate string values without using eval().

Using the Function() Constructor

The Function() constructor can create anonymous functions from strings. This can be utilized to evaluate string expressions. For example, consider the following code:

function evil(fn) {
  return new Function('return ' + fn)();
}

console.log(evil('12/5*9+9.4*2')); // => 40.4

By returning a new function evaluated by the Function() constructor, we can execute mathematical operations stored in strings. In this example, the string "12/5*9 9.4*2" is evaluated to 40.4.

Advantages of This Approach

Compared to eval(), the Function() constructor allows for:

• Enhanced security: Evaluating strings with the Function() constructor avoids potential security vulnerabilities associated with eval(), which can execute arbitrary code.
• Type safety: The Function() constructor checks the syntax of the string argument before executing it, enhancing type safety.

While the Function() constructor offers a more secure and reliable alternative to eval(), it's important to note that it still evaluates code dynamically, so precautions should be taken to avoid malicious inputs.

The above is the detailed content of How to Evaluate String Formulas in JavaScript Without Using eval()?. For more information, please follow other related articles on the PHP Chinese website!