eval

Indirect variable assignment in bash

大兔子大兔子 submitted on 2019-11-26 03:30:09
Question: Seems that the recommended way of doing indirect variable setting in bash is to use eval:
    var=x; val=foo
    eval $var=$val
    echo $x  # --> foo
The problem is the usual one with eval:
    var=x; val=1$'\n'pwd
    eval $var=$val  # bad output here
(and since it is recommended in many places, I wonder just how many scripts are vulnerable because of this...) In any case, the obvious solution of using (escaped) quotes doesn't really work:
    var=x; val=1\"$'\n'pwd\"
    eval $var=\"$val\"  # fail with

Calculate string value in javascript, not using eval

主宰稳场 submitted on 2019-11-26 03:27:53
Question: Is there a way to calculate a formula stored in a string in JavaScript without using eval? Normally I would do something like
    var apa = "12/5*9+9.4*2";
    alert(eval(apa));
So, does anyone know about alternatives to eval?
Answer 1: This is exactly the place where you should be using eval, or you will have to loop through the string and generate the numbers. You will have to use isNaN method to do it.
Answer 2: Mhh, you could use the Function-constructor: https://developer.mozilla.org/en-US/docs/Web

When is JavaScript's eval() not evil?

左心房为你撑大大i submitted on 2019-11-26 03:13:15
Question: I'm writing some JavaScript code to parse user-entered functions (for spreadsheet-like functionality). Having parsed the formula I could convert it into JavaScript and run eval() on it to yield the result. However, I've always shied away from using eval() if I can avoid it because it's evil (and, rightly or wrongly, I've always thought it is even more evil in JavaScript, because the code to be evaluated might be changed by the user). So, when is it OK to use it?
Answer 1: I'd like to take a

Why is using the JavaScript eval function a bad idea?

别说谁变了你拦得住时间么 submitted on 2019-11-26 03:11:48
Question: The eval function is a powerful and easy way to dynamically generate code, so what are the caveats?
Answer 1:
1. Improper use of eval opens up your code for injection attacks
2. Debugging can be more challenging (no line numbers, etc.)
3. eval'd code executes slower (no opportunity to compile/cache eval'd code)
Edit: As @Jeff Walden points out in comments, #3 is less true today than it was in 2008. However, while some caching of compiled scripts may happen this will only be limited to scripts that are eval

eval command in Bash and its typical uses

邮差的信 submitted on 2019-11-26 02:39:30
Question: After reading the bash man pages and with respect to this post. I am still having trouble understanding what exactly the eval command does and which would be its typical uses. For example if we do:
    bash$ set -- one two three # sets $1 $2 $3
    bash$ echo $1
    one
    bash$ n=1
    bash$ echo ${$n} ## First attempt to echo $1 using brackets fails
    bash: ${$n}: bad substitution
    bash$ echo $($n) ## Second attempt to echo $1 using parentheses fails
    bash: 1: command not found
    bash$ eval echo \${$n} ## Third

Shell command-line arguments (getopt and getopts)

ぃ、小莉子 submitted on 2019-11-26 02:31:02
There is also a previous post, which covers the basics: https://blog.51cto.com/steed/2443313
The getopt command
The getopt command can parse any command-line options and arguments, but its usage is fairly complex. The usage of the getopt command is as follows:
    $ getopt --help
    用法:
     getopt optstring parameters
     getopt [options] [--] optstring parameters
     getopt [options] -o|--options optstring [options] [--] parameters
    选项:
     -a, --alternative 允许长选项以 - 开始
     -h, --help 这个简短的用法指南
     -l, --longoptions <长选项> 要识别的长选项
     -n, --name <程序名> 将错误报告给的程序名
     -o, --options <选项字符串> 要识别的短选项
     -q, --quiet 禁止 getopt(3) 的错误报告
     -Q, --quiet-output 无正常输出
     -s, --shell <shell> 设置 shell 引用规则
     -T, --test 测试 getopt(1) 版本
     -u, --unquoted 不引用输出
     -V, --version 输出版本信息
    $
There are three usage formats in total, and all of them are used below.

Lookup shell variables by name, indirectly [duplicate]

坚强是说给别人听的谎言 submitted on 2019-11-26 02:23:58
Question: This question already has answers here: How to use a variable's value as another variable's name in bash [duplicate] (6 answers) Closed 2 years ago. Let's say I have a variable's name stored in another variable:
    myvar=123
    varname=myvar
now, I'd like to get 123 by just using $varname variable. Is there a direct way for that? I found no such bash builtin for lookup by name, so came up with this:
    function var { v="\$$1"; eval "echo "$v; }
so
    var $varname # gives 123
Which doesn't look

Python: make eval safe [duplicate]

梦想与她 submitted on 2019-11-26 02:09:49
Question: This question already has an answer here: Python eval: is it still dangerous if I disable builtins and attribute access? 6 answers I want an easy way to do a "calculator API" in Python. Right now I don't care much about the exact set of features the calculator is going to support. I want it to receive a string, say "1+1" and return a string with the result, in our case "2". Is there a way to make eval safe for such a thing? For a start I would do
    env = {}
    env["locals"] = None
    env[

Why does JavaScript's eval need parentheses to eval JSON data?

此生再无相见时 submitted on 2019-11-26 02:09:10
Question: I've learned (the hard way) that I need to add parentheses around JSON data, like this:
    stuff = eval('(' + data_from_the_wire + ')');
    // where data_from_the_wire was, for example {"text": "hello"}
(In Firefox 3, at least). What's the reason behind this? I hate writing code without understanding what's behind the hood.
Answer 1: Putting the parentheses around data_from_the_wire is effectively equivalent to
    stuff = eval('return ' + data_from_the_wire + ';');
If you were to eval without the

Is 'eval' supposed to be nasty?

穿精又带淫゛_ submitted on 2019-11-26 02:01:03
Question: I have been using eval feature of ruby many a times. But I have heard people saying evals are nasty. When asked, why and how, I could never get a convincing reason not to use it. Are they really nasty? If yes, in what way? What are possible "safer" options to eval?
Answer 1: If you are evaling a string submitted by, or modifiable by the user, this is tantamount to allowing arbitrary code execution. Imagine if the string contained an OS call to rm -rf / or similar. That said, in situations