eval

Eval() = Unexpected token : error

不羁的心 submitted on 2019-12-29 04:36:11
Question: I tried this simple JavaScript code: eval('{"Topics":["toto","tata","titi"]}') In the Chrome console, for example, this returns SyntaxError: Unexpected token : I tried the JSON on JSONLint and it's valid. Do you see the bug?
Answer 1: FWIW, use JSON.parse instead. Safer than eval.
Answer 2: You have to write like this eval('('+stingJson+')' ); to convert a string to Object Hope I help!
Answer 3: Because eval does not force an expression context and the string provided is an invalid JavaScript program,

How do you evaluate a string as a clojure expression?

房东的猫 submitted on 2019-12-28 16:30:43
Question: How would I get something similar to the following?: (evaluate-text "(+ 1 2)") ; resolves to 3
Answer 1: (load-string "(+ 1 2)")
Answer 2: user> (eval (read-string "(+ 1 2)")) 3 You probably shouldn't ever need to do this. Macros and fns make this kind of thing unnecessary 99% of the time. This is quite brittle, and can be unsafe if these strings are coming from user input, and so on.
Answer 3: How similar does it have to be? Clojure's eval works on lists, so: (eval (list + 1 2)) #=> 3
Source: https:/

8. Command Execution and Code Execution

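天大地大妈咪最大 submitted on 2019-12-28 08:45:09
8 RCE (remote command/code execute): remote system command execution and remote code execution

Remote command execution
Remote command execution implemented through system functions

Command execution symbols:
Short-circuit AND &&: the latter command runs only if the former is true; if the former is false, neither is executed
Logical AND &: executed regardless of whether the former is true or false
Short-circuit OR ||: if the former is true, the latter is not executed; if the former is false, the latter is executed
Logical OR |: executed regardless of whether the former is true or false

Cause
When an application calls a function to execute a system command, it concatenates user input into the command line as an argument of the system command. If the user input is not filtered, this results in a command execution vulnerability.

Impact
· Execute system commands and read or write files with the privileges inherited from the web server process
· Reverse shell
· Take control of the entire website

Related functions
Common PHP functions that can invoke external programs:
system(args) (output is echoed)
passthru(args) (output is echoed)
exec(args) (returns the last line of output; it must be printed with echo)
shell_exec(args) (no echo; the result must be output explicitly)
`` backticks
popen(handle,mode) (no echo)
proc_open('cmd','flag','flag') (no echo)

Fixes / defenses
Where the work can be done in script code, do not call out to another program; use command-execution functions as little as possible and disable them in disable_functions
Filter parameters before they enter a command-execution function or method
Wrap parameter values in quotes wherever possible (variables are not parsed inside single quotes), and call addslashes to escape them before concatenation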

Accessing or creating nested JavaScript objects with string key without eval

那年仲夏 submitted on 2019-12-28 06:53:09
Question: I am looking for a nice solution to access a property by string value, but if the property does not exist it should create it. If the root structure already has defined some parts of the structure, the attributes should not be overwritten, but merged instead. For example if you have an empty object test and you want to set a deep structure without using eval. e.g. test = {} test.foo.name = "Hallo" // <<- foo is an Object test.foo[3] = "Test" // <<- foo should remain as Object, not as Array

PHP: Equivalent of include using eval

◇◆丶佛笑我妖孽 submitted on 2019-12-28 06:19:27
Question: If the code is the same, there appears to be a difference between: include 'external.php'; and eval('?>' . file_get_contents('external.php') . '<?php'); What is the difference? Does anybody know? I know the two are different because the include works fine and the eval gives an error. When I originally asked the question, I wasn't sure whether it gave an error on all code or just on mine (and because the code was eval'ed, it was very hard to find out what the error meant). However, after

What's the main benefit of using eval() in JavaScript?

放肆的年华 submitted on 2019-12-28 05:16:14
Question: I know this may be a newbie question, but I'm curious as to the main benefit of eval() - where would it be used best? I appreciate any info.
Answer 1: The eval function is best used: Never. Its purpose is to evaluate a string as a JavaScript expression. Example: eval('x = 42'); It has been used a lot before, because a lot of people didn't know how to write the proper code for what they wanted to do. For example when using a dynamic name for a field: eval('document.frm.'+frmName).value = text; The

Is there ever a good reason to use eval()?

对着背影说爱祢 submitted on 2019-12-28 04:22:07
Question: It seems to me that eval() is treated with the same disdain that goto is. And by eval, I mean a function for executing a string as code, as seen in PHP, Python, JavaScript, etc. Is there ever a situation where using eval() is justified (except perl)? And if not, why do so many languages implement it?
Answer 1: Yes - when there is no other way to accomplish the given task with a reasonable level of clarity and within a reasonable number of lines of code. This eliminates 99% of cases where eval is

How to create an object from a string in Java (how to eval a string)?

送分小仙女□ submitted on 2019-12-28 04:10:07
Question: I know eval is "evil", but I'm using it in a way that the user can't ever abuse it. Let's say I've got a string "new Integer(5)". I want to do something such that I can set a variable, let's say foo, to new Integer(5). Something like Integer foo; String bar = "new Integer(5)" *magic happens* System.out.println(foo) -> 5 I've looked around and it looks like I have a few options. Can the getSystemJavaCompiler() method in ToolProvider do this? Or should I use BeanShell? Or is there something

Puppeteer: A Friendlier Headless Chrome Node API

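我的未来我决定 submitted on 2019-12-27 17:47:21
Long, long ago, front-end development already had a need for headless browsers. The two most common use cases are:
UI automation testing: getting away from manually browsing and clicking through pages to confirm functionality
Crawlers: solving problems such as asynchronously loaded page content

Many outstanding implementations followed. The ones front-end developers used most were PhantomJS and selenium-webdriver, but the two libraries share one trait: they are hard to use! Environment installation is complicated and the APIs are unfriendly. In 2017 the Chrome team made two big moves in a row, Headless Chrome and the corresponding NodeJS API, Puppeteer, which directly led the authors of PhantomJS and Selenium IDE for Firefox to announce that there was no need to keep maintaining their products.

Puppeteer
As its GitHub project introduction says: Puppeteer is a high-level Node library that controls headless Chrome through the DevTools Protocol; it can also be configured to use non-headless Chrome. Puppeteer can do anything we can do by hand in the browser:
Generate screenshots or PDFs of web pages
Crawl large numbers of pages whose content is rendered asynchronously, basically a crawler that browses like a person
Simulate keyboard input, automatic form submission, and UI automation testing

The official site provides a playground for a quick try. Its detailed usage is not repeated here; the demos on the official site are enough to get someone with no prior knowledge started. const puppeteer =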

When is `eval` in Ruby justified?

笑着哭i submitted on 2019-12-27 17:37:21
Question: "Is 'eval' supposed to be nasty?" inspired this one: Mostly everybody agrees that eval is bad, and in most cases there is more elegant/safer replacement. So I wanted to ask: if eval is misused that often, is it really needed as a language feature? Is it doing more evil than good? Personally, the only place I find it useful is to interpolate strings provided in config file. Edit: The intention of this question is to get as many real-life cases as possible when eval is the only or the best