Safe String Evaluation in JavaScript: Alternatives to eval()
The eval() function, while convenient, exposes potential security risks in JavaScript. When dealing with untrusted strings containing executable code, it's essential to find safer alternatives.
One option is the Function() constructor, which builds a new function from a string of source code and lets us call it immediately:
function evil(fn) { return new Function('return ' + fn)(); } // the function body becomes "return <fn>", and the call returns its value
Utilizing this function, we can evaluate a mathematical string expression without the risks associated with eval(). Here's an example:
const apa = "12/5*9+9.4*2"; console.log(evil(apa)); // Output: 40.4
This method provides a secure way to calculate string values without resorting to eval(). It offers increased protection against malicious code injection, making it a safer choice for handling untrusted inputs.
The above is the full text of the article "How to Safely Evaluate Strings in JavaScript: Alternatives to `eval()`?", published on the PHP Chinese website.