eval

What specifically are the dangers of eval(parse(…))?

旧巷老猫 submitted on 2019-11-25 22:58:40
Question: There are several questions on how to avoid using eval(parse(...)) r-evalparse-is-often-suboptimal avoiding-the-infamous-evalparse-construct Which sparks the questions: Why specifically should eval(parse()) be avoided? And most importantly, what are the dangers? Are there any dangers if the code is not used in production? (I'm thinking, any danger of getting back unintended results. Clearly if you are not careful about what you are parsing, you will have issues. But is that any more

What's the difference between eval, exec, and compile?

不羁的心 submitted on 2019-11-25 22:27:00
Question: I've been looking at dynamic evaluation of Python code, and come across the eval() and compile() functions, and the exec statement. Can someone please explain the difference between eval and exec, and how the different modes of compile() fit in? Answer 1: The short answer, or TL;DR Basically, eval is used to evaluate a single dynamically generated Python expression, and exec is used to execute dynamically generated Python code only for its side effects. eval and exec have these two differences

Executing <script> elements inserted with .innerHTML

泄露秘密 submitted on 2019-11-25 22:26:31
Question: I've got a script that inserts some content into an element using innerHTML. The content could for example be: <script type="text/javascript">alert('test');</script> <strong>test</strong> Problem is that the code inside the <script> tag doesn't get executed. I googled it a bit but there were no apparent solutions. If I inserted the content using jQuery $(element).append(content); the script parts got eval'd before being injected into the DOM. Has anyone got a snippet of code that

Evaluate expression given as a string

本小妞迷上赌 submitted on 2019-11-25 22:22:18
Question: I'm curious to know if R can use its eval() function to perform calculations provided by e.g. a string. This is a common case: eval("5+5") However, instead of 10 I get: [1] "5+5" Any solution? Answer 1: The eval() function evaluates an expression, but "5+5" is a string, not an expression. Use parse() with text=<string> to change the string into an expression: > eval(parse(text="5+5")) [1] 10 > class("5+5") [1] "character" > class(parse(text="5+5")) [1] "expression" Calling eval() invokes many

Using python's eval() vs. ast.literal_eval()?

醉酒当歌 submitted on 2019-11-25 22:20:12
Question: I have a situation with some code where eval() came up as a possible solution. Now I have never had to use eval() before but, I have come across plenty of information about the potential danger it can cause. That said, I'm very wary about using it. My situation is that I have input being given by a user: datamap = raw_input('Provide some data here: ') Where datamap needs to be a dictionary. I searched around and found that eval() could work this out. I thought that I might be able to check

Why should eval be avoided in Bash, and what should I use instead?

左心房为你撑大大i submitted on 2019-11-25 21:56:16
Question: Time and time again, I see Bash answers on Stack Overflow using eval and the answers get bashed, pun intended, for the use of such an "evil" construct. Why is eval so evil? If eval can't be used safely, what should I use instead? Answer 1: There's more to this problem than meets the eye. We'll start with the obvious: eval has the potential to execute "dirty" data. Dirty data is any data that has not been rewritten as safe-for-use-in-situation-XYZ; in our case, it's any string that has not been

When is eval evil in php?

亡梦爱人 submitted on 2019-11-25 21:43:42
Question: In all the years I have been developing in php, I've always heard that using eval() is evil. Considering the following code, wouldn't it make sense to use the second (and more elegant) option? If not, why? // $type is the result of an SQL statement // e.g. SHOW COLUMNS FROM a_table LIKE 'a_column'; // hence you can be pretty sure about the consistency // of your string $type = "enum('a','b','c')"; // possibility one $type_1 = preg_replace('#^enum\s*\(\s*\'|\'\s*\)\s*$#

Is there an eval() function in Java?

瘦欲@ submitted on 2019-11-25 21:41:27
Question: I have a string like the following: String str = "4*5"; Now I have to get the result of 20 by using the string. I know in some other languages the eval() function will do this. How can I do this in Java? Answer 1: You can use the ScriptEngine class and evaluate it as a Javascript string. ScriptEngineManager manager = new ScriptEngineManager(); ScriptEngine engine = manager.getEngineByName("js"); Object result = engine.eval("4*5"); There may be a better way, but this one works. Answer 2: There is no

Why is using 'eval' a bad practice?

∥☆過路亽.° submitted on 2019-11-25 21:34:49
Question: I am using the following class to easily store data of my songs. class Song: """The class to store the details of each song""" attsToStore=('Name', 'Artist', 'Album', 'Genre', 'Location') def __init__(self): for att in self.attsToStore: exec 'self.%s=None'%(att.lower()) in locals() def setDetail(self, key, val): if key in self.attsToStore: exec 'self.%s=val'%(key.lower()) in locals() I feel that this is just much more extensible than writing out an if/else block. However,

(1, eval)('this') vs eval('this') in JavaScript?

限于喜欢 submitted on 2019-11-25 20:32:53
I start to read JavaScript Patterns, some code confused me. var global = (function () { return this || (1, eval)('this'); }()); Here are my questions: Q1: (1, eval) === eval ? Why and how does it work? Q2: Why not just var global = (function () { return this || eval('this'); }()); or var global = (function () { return this; }()); The difference between (1,eval) and plain old eval is that the former is a value and the latter is an lvalue. It would be more obvious if it were some other identifier: var x; x = 1; (1, x) = 1; // syntax error, of course! That is (1,eval) is an expression that