eval

问题 This question already has answers here : How do I safely “eval” user code in a webpage? (4 answers) Closed 5 years ago . I need to eval() the code inside my page because I am working on something jsFiddle-like. Since eval has such a bad reputation, how can I interpret the user input code safely and securely? Or as safely and securely as possible? 回答1: I would suggest you have a look at the following resources: https://code.google.com/p/jsreg/ https://www.owasp.org/index.php/OWASP_JavaScript

问题 I'm reading Peter Norvig's Paradigms of AI . In chapter 6.2, the author uses code like below ( not the original code, I picked out the troubling part ): Code Snippet: (progv '(op arg) '(1+ 1) (eval '(op arg))) As the author's original intent, this code should return 2 , but in sbcl 1.1.1 , the interpreter is apparently not looking up op in the environment, throwing out op: undefined function . Is this implementation specific? Since the code must have been tested on some other lisp. p.s

问题 I have thought a lot about how I should include files in my backbone.js-application. In production, I am obviously going to join my files and minimize them to keep requests at a minimum, but during development, it would be nice to just have all files loaded and not having to call a buildscript for every little change. So I have taken a look at jQuery 's getScript() -method. I tried it out and were able to load my files. As I've put the getScript -call into a function, to ensure that files are

问题 I'm using this code to evaluate mathematical expressions from strings. And it works: #!/usr/bin/env python from __future__ import division from math import * expression = raw_input() # Math functions safe_list = ['math', 'factorial', 'acos', 'asin', 'atan', 'atan2', 'ceil', 'cos', 'cosh', 'degrees', 'e', 'exp', 'fabs', 'floor', 'fmod', 'hypot', 'log', 'log10', 'modf', 'pi', 'pow', 'radians', 'sin', 'sinh', 'sqrt', 'tan', 'tanh'] # Create safe directory safe_dict = dict([(key, locals().get(key

问题 There is a question with the same title like this on stackoverflow here, but I wanted to ask if it is possible to do something similar to this in Java. I wanted to make something similar to desmos, just like that guy did in Javascript,but i want to make it in Java using lwjgl 2. I am new to Java and I'd like to know if it is possible to convert a piece of string into a method. Is it possible? I have looked for possible options and I found out that your can make your own Java eval() method.

问题 Are there any alternatives to using eval to immediatly run remote & trusted javascript code. function load(filePath) { var o = $.ajax({ url: filePath, dataType: 'html', async: false }); eval(o.responseText); } load("somePath"); // run a function that relies on the code from o.responseText being loaded doSomethingWithCode(); I'm aware that synchronous loading of javascript is adviced againts. But if there is no choice are there any cross browser alternatives for the use of eval above. [Edit]

问题 Most advanced uses of git for-each-ref that I've come across involve eval . For instance, the last example in the git-for-each-ref man page uses eval in order to execute the contents of the fmt variable: #!/bin/sh fmt=' r=%(refname) # ... omitted, for conciseness ... ' eval=`git for-each-ref --shell --format="$fmt" \ # ... omitted, for conciseness ... refs/tags` eval "$eval" However, the use of eval is associated with security risks; avoiding it, whenever possible, is considered good practice

问题 Is there a way to cache a PHP include effectively for reuse, without APC, et al? Simple ( albeit stupid ) example: // rand.php return rand(0, 999); // index.php $file = 'rand.php'; while($i++ < 1000){ echo include($file); } Again, while ridiculous, this pair of scripts dumps 1000 random numbers. However, for every iteration, PHP has to hit the filesystem ( Correct? There is no inherit caching functionality I've missed, is there? ) Basically, how can I prevent the previous scenario from

问题 I'm trying to execute some code inside a string in runtime. I.E. Dim code As String = "IIf(1 = 2, True, False)" How do i run the code inside code string ? 回答1: As @ElektroStudios said - the proper way to do this is to use the CodeDom compiler, but this is a bit overkill for something as simple as this. You can sort of cheat and harness the power of a DataColumn Expression So for example: Dim formula = "IIF(Condition = 'Yes', 'Go', 'Stop')" Dim value As String = "Yes" Dim result As String 'add

问题 I'm trying to remove eval from the following function. I tried with sprintf and ${} , but still cannot find a solution. Here the function: function parseDbString(string $value = 'Looking for a good {{ $pippo }}'){ $pippo='Pizza'; return preg_replace_callback('/{{(.*?)}}/', function($res) use ($pippo) { // $val=${trim($res[1])}; Returns "Undefined variable: $pippo" $val=@eval("return ".trim($res[1]).";"); // Returns "Looking for a good Pizza" return isset($val) ? $val : $res[0]; },$value); }