eval

Quick Question. Eval in JavaScript is unsafe is it not? I have a JSON object as a string and I need to turn it into an actual object so I can obtain the data: function PopulateSeriesFields(result) { data = eval('(' + result + ')'); var myFakeExample = data.exampleType } If it helps I am using the $.ajax method from jQuery. Thanks Well, safe or not, when you are using jQuery, you're better to use the $.getJSON() method, not $.ajax(): $.getJSON(url, function(data){ alert(data.exampleType); }); eval() is usually considered safe for JSON parsing when you are only communicating with your own server

We all know that eval is dangerous , even if you hide dangerous functions, because you can use Python's introspection features to dig down into things and re-extract them. For example, even if you delete __builtins__ , you can retrieve them with [c for c in ().__class__.__base__.__subclasses__() if c.__name__ == 'catch_warnings'][0]()._module.__builtins__ However, every example I've seen of this uses attribute access. What if I disable all builtins, and disable attribute access (by tokenizing the input with a Python tokenizer and rejecting it if it has an attribute access token)? And before

I would like to have the ability to let users submit arbitrary JavaScript code, which is then sent to a Node.JS server and safely executed before the output is sent back to multiple clients (as JSON). The eval function comes to mind, but I know this has multiple security concerns (the user submitted code would be able to access Node's File API, etc). I have seen some projects like Microsoft Web Sandbox and Google Caja which allow execution of sanitized markup and script (for embedding third-party ads on websites), but it seems that these are client-side tools and I'm not sure if they can be

Can anyone show me some absolutely minimal ASP.NET code to understand Eval() and Bind() ? It is best if you provide me with two separate code-snippets or may be web-links. For read-only controls they are the same. For 2 way databinding, using a datasource in which you want to update, insert, etc with declarative databinding, you'll need to use Bind . Imagine for example a GridView with a ItemTemplate and EditItemTemplate . If you use Bind or Eval in the ItemTemplate , there will be no difference. If you use Eval in the EditItemTemplate , the value will not be able to be passed to the Update

批量杀php小马脚本 find /home/hatdot/ -name "*.php" |xargs egrep "phpspy|c99sh|milw0rm|eval\(gunerpress|eval\(base64_decoolcode|spider_bc">>/tmp/test.txt grep -r -include=*.php '[^a-z]eval($_POST' . >> /tmp/test.txt grep -r -include=*.php 'file_put_contents(.*$_POST\[ .*\ ]);' . >> /tmp/test.txt find /home/hatdot/ -name "*.php" -type f -print 0 | xargs -0 egrep "(phpspy|c99sh|milw0rm|eval\(gzuncompress\(base64_decoolcode|eval\(base64_decoolcode|spider_bc|gzinflate)" | awk -F: '{print $1}' | sort | uniq >> /tmp/test.txt python批量杀php小马 #!/usr/bin/python # -*- coding: utf-8 -*- #blog:www.sinesafe.com

　Fel是开放的，引擎执行中的多个模块都可以扩展或替换。Fel的执行主要是通过函数实现,运算符(+、-等都是Fel函数），所有这些函数都是可以替换的，扩展函数也非常简单。 Fel有双引擎，同时支持解释执行和编译执行。可以根据性能要求选择执行方式。编译执行就是将表达式编译成字节码（生成java代码和编译模块都是可以扩展和替换的） 　FEL可以进行算数运算以及逻辑运算，也可以调用类的静态方法、非静态方法。 只需要一个jar包: 1. 简单使用 1. 简单计算 private static void calculate() { // 算数运算 FelEngine fel = new FelEngineImpl(); Object result = fel.eval("1.5898*1+75"); System.out.println(result); // 逻辑运算 Object result2 = fel.eval("1 == 2 || '1'.equals('1')"); System.out.println(result2); } 结果: 76.5898 true 2. 变量用法 private static void variables() { // 变量 FelEngine fel = new FelEngineImpl(); FelContext ctx = fel