eval() を使用せずに JavaScript で文字列式を評価する方法

Calculating String Values in JavaScript without eval()

Evaluating strings containing formulas is a common task in programming. While JavaScript offers the eval() function for such purposes, it presents security risks and is generally discouraged. Here's an alternative approach to calculate string values without using eval().

Using the Function() Constructor

The Function() constructor can create anonymous functions from strings. This can be utilized to evaluate string expressions. For example, consider the following code:

function evil(fn) {
  return new Function('return ' + fn)();
}

console.log(evil('12/5*9+9.4*2')); // => 40.4

By returning a new function evaluated by the Function() constructor, we can execute mathematical operations stored in strings. In this example, the string "12/5*9+9.4*2" is evaluated to 40.4.

Advantages of This Approach

Compared to eval(), the Function() constructor allows for:

• Enhanced security: Evaluating strings with the Function() constructor avoids potential security vulnerabilities associated with eval(), which can execute arbitrary code.
• Type safety: The Function() constructor checks the syntax of the string argument before executing it, enhancing type safety.

While the Function() constructor offers a more secure and reliable alternative to eval(), it's important to note that it still evaluates code dynamically, so precautions should be taken to avoid malicious inputs.

以上がeval() を使用せずに JavaScript で文字列式を評価する方法の詳細内容です。詳細については、PHP 中国語 Web サイトの他の関連記事を参照してください。