eval

Most advanced uses of git for-each-ref that I've come across involve eval . For instance, the last example in the git-for-each-ref man page uses eval in order to execute the contents of the fmt variable: #!/bin/sh fmt=' r=%(refname) # ... omitted, for conciseness ... ' eval=`git for-each-ref --shell --format="$fmt" \ # ... omitted, for conciseness ... refs/tags` eval "$eval" However, the use of eval is associated with security risks ; avoiding it, whenever possible, is considered good practice. Here is a real example, adapted from this answer : #!/bin/sh fmt=' ref=%(refname:short) if git merge

Since getting started in Dart I've been watching for a way to execute Dart (Text) Source (that the same program may well be generating dynamically) as Code. Like the infamous "eval()" function. Recently I have caught a few hints that the communication port between Isolates support some sort of "Spawn" that seems like it could allow this "trick". In Ruby there is also the possibility to load a module dynamically as a language feature, perhaps there is some way to do this in Dart? Any clues or a simple example will be greatly appreciated. Thanks in advance! Ladislav Thon provided this answer (on

I'm trying to write a bash script that takes an environment variable and passes it along to a command. So if I had something like: export OUT="-a=arg1 -b=\"arg2.0 arg2.1\"" I want in my bash script to do something like: <command> -a=arg1 '-b=arg2.0 arg2.1' I have one approach that seems to do this, but it involves using eval: eval <command> ${OUT} If I include set -x right about the command, I will see: + eval <command> a=arg1 'b="arg2.0' 'arg2.1"' ++ <command> -a=arg1 '-b=arg2.0 arg.1' However, I've poked around the dangers of using eval and since this will be taking the arguments from user

We have a system that has to perform calculations that user input provides. The easiest way I have found to do one of those calculations is eval -- trying to figure out a parser for: (3 + 6 ) / 2 + 27 * 5 / 2 Just seems difficult. If anyone has a solution to this -- I would be happy to hear it. Assuming you are going with EVAL (I know its the dreaded function) it would be a major insecurity to allow them to type whatever they want in that box. So, I pose the question, if I did a regex removing everything besides numbers, standard operators (+ - / *) and parentheses, something like $equation =

Are there any alternatives to using eval to immediatly run remote & trusted javascript code. function load(filePath) { var o = $.ajax({ url: filePath, dataType: 'html', async: false }); eval(o.responseText); } load("somePath"); // run a function that relies on the code from o.responseText being loaded doSomethingWithCode(); I'm aware that synchronous loading of javascript is adviced againts. But if there is no choice are there any cross browser alternatives for the use of eval above. [Edit] To clarify in more detail the code being loaded is a self executing function. Which needs to execute

I'm trying to remove eval from the following function. I tried with sprintf and ${} , but still cannot find a solution. Here the function: function parseDbString(string $value = 'Looking for a good {{ $pippo }}'){ $pippo='Pizza'; return preg_replace_callback('/{{(.*?)}}/', function($res) use ($pippo) { // $val=${trim($res[1])}; Returns "Undefined variable: $pippo" $val=@eval("return ".trim($res[1]).";"); // Returns "Looking for a good Pizza" return isset($val) ? $val : $res[0]; },$value); } So, yes, eval() is often detested as one of the highest order "evils" in php. In most cases, when a task