eval

I tried this simple JavaScript code: eval('{"Topics":["toto","tata","titi"]}') In the Chrome console, for example, this returns SyntaxError: Unexpected token : I tried the JSON on JSONLint and it's valid. Do you see the bug? Jonathan M FWIW, use JSON.parse instead. Safer than eval . Martin Varta You have to write like this eval('('+stingJson+')' ); to convert an string to Object Hope I help! Because eval does not force an expression context and the string provided is an invalid JavaScript program, thus the first three tokens (and how they are looked at) are: { // <-- beginning of a block, and

I need to execute a custom piece of JavaScript I got from some AJAX call. I could do an eval of the string or I could just append it in a script -tag to the DOM. Which method would be better? var dynamicScript = 'alert(\'Hello world!\');'; Method 1 - Script : var x = '<script type="text/javascript">' + dynamicScript +'</scr' + 'ipt>'; $(document.body).append(x); Method 2 - Eval : eval(dynamicScript); What method is better and why? Or is there an ever better alternative? I prefer eval , because it's generally faster than creating a script tag, and appending it (especially if you wanted to

This question already has an answer here: What are the Alternatives to eval in JavaScript? 9 answers Mozilla's Content Security Policy disallows the use of javascript eval function as well as inline scripts. They claim that all instances of eval can be replaced by another (hopefully safer) function. I agree in most scenarios, Javascript eval can be replaced, but I'm not sure whether the replacement is possible for every case. My question is twofold: Is there a generic way to replace every javascript eval function? (doesn't have to be safe) Is there a case where the Javascript eval cannot be

I use eval() in my current project like this: if (class_exists($class_name)) //$class_name depends on user input eval($class_name.'::MyStaticMethod()'); eval() is executed if and only if class with the name $class_name exists so it's kinda safe, but I still don't think that this is the best solution. Can I do the same what code above does without eval() ? Leri I have recently answered this question . The last part of my answer perfectly answers this question and is much more useful for future readers than answers provided here. That's why I am answering my own question. PHP has features that

Short version Can I replace source(filename, local = TRUE, encoding = 'UTF-8') with eval(parse(filename, encoding = 'UTF-8')) without any risk of breakage, to make UTF-8 source files work on Windows? Long version I am currently loading specific source files via source(filename, local = TRUE, encoding = 'UTF-8') However, it is well known that this does not work on Windows , full stop. As a workaround, Joe Cheng suggested using instead eval(parse(filename, encoding = 'UTF-8')) This seems to work quite well 1 but even after consulting the source code of source , I don’t understand how they differ

Looking into Kohana documentation, i found this really usefull function that they use to get values from a multidimensional array using a dot notation, for example: $foo = array('bar' => array('color' => 'green', 'size' => 'M')); $value = path($foo, 'bar.color', NULL , '.'); // $value now is 'green' Im wondering if there is a way to set the an array value in the same way: set_value($foo, 'bar.color', 'black'); The only way i found to do that is re-building the array notation ($array['bar']['color']) and then set the value.. using eval . Any idea to avoid eval? function set_val(array &$arr,

I've been working on a JS library and would like to setup a demo page on Github that allows, for example, users to define their own callbacks and execute commands. I know " eval() is evil" and I can see how blind eval() of scripts could lead to XSS and other security issues. I'm trying to cook up some alternative schemes. I really enjoy the interactivity of jsFiddle. I've taken a look at their source but was hoping someone could lay out here how jsFiddle allows and executes user-defined JavaScript without being dangerous. So long as it doesn't involve a 3rd party echo server, I'm hoping I can

{'width': 100,'height': 200}; /*JS的对象 */ { "width": 100, "height": 200, "name": "rose"}; /*JSON格式的JavaScript对象 */ '{ "width": 100, "height": 200, "name": "rose"}'; /*JSON格式的字符串 */ 由于 JSON 语法是 JavaScript 语法的子集，JavaScript 函数 eval() 可用于将 JSON 文本转换为 JavaScript 对象。 eval() 函数使用的是 JavaScript 编译器，可解析 JSON 文本，然后生成 JavaScript 对象。必须把文本包围在括号中，这样才能避免语法错误： var obj = eval ("(" + txt + ")"); 在网页中使用 JavaScript 对象： var txt = '{ "sites" : [' + '{ "name":"a" , "url":"com" },' + '{ "name":"google" , "url":"com" },' + '{ "name":"微博" , "url":"com" } ]}'; var obj = eval ("(" + txt + ")"); 区别 Json Javascript对象 含义

I understand about how eval() works in non-strict contexts, however the case of using eval() in strict mode has completely befuddled me. When eval() is called directly in the global scope, variables are kept inside the new eval() scope: 'use strict'; eval('var a = 1;'); console.log(a); // ReferenceError: a is not defined However, if I perform an indirect call to eval() in the global scope (should be the same thing, right?), it acts as though it is not in strict mode (if you don't believe me, see this JSFiddle ): 'use strict'; (0, eval)('var a = 1;'); // indirect call to eval console.log(a); //