如何在不使用 eval() 的情况下计算 JavaScript 中的字符串公式？

Calculating String Values in JavaScript without eval()

Evaluating strings containing formulas is a common task in programming. While JavaScript offers the eval() function for such purposes, it presents security risks and is generally discouraged. Here's an alternative approach to calculate string values without using eval().

Using the Function() Constructor

The Function() constructor can create anonymous functions from strings. This can be utilized to evaluate string expressions. For example, consider the following code:

function evil(fn) {
  return new Function('return ' + fn)();
}

console.log(evil('12/5*9+9.4*2')); // => 40.4

By returning a new function evaluated by the Function() constructor, we can execute mathematical operations stored in strings. In this example, the string "12/5*9+9.4*2" is evaluated to 40.4.

Advantages of This Approach

Compared to eval(), the Function() constructor allows for:

• Enhanced security: Evaluating strings with the Function() constructor avoids potential security vulnerabilities associated with eval(), which can execute arbitrary code.
• Type safety: The Function() constructor checks the syntax of the string argument before executing it, enhancing type safety.

While the Function() constructor offers a more secure and reliable alternative to eval(), it's important to note that it still evaluates code dynamically, so precautions should be taken to avoid malicious inputs.

以上是如何在不使用 eval() 的情况下计算 JavaScript 中的字符串公式？的详细内容。更多信息请关注PHP中文网其他相关文章！