Restricting eval() to a narrow scope

前端未结

关注

 8  2150

误落风尘 2020-11-27 04:51

I have a javascript file that reads another file which may contain javascript fragments that need to be eval()-ed. The script fragments are supposed to conform to a strict s

8条回答

时光取名叫无心 (楼主)

2020-11-27 05:31

Similar to the dynamic function wrapping script in a with block approach above, this allows you to add pseudo-globals to the code you want to execute. You can "hide" specific things by adding them to the context.

function evalInContext(source, context) {
    source = '(function(' + Object.keys(context).join(', ') + ') {' + source + '})';

    var compiled = eval(source);

    return compiled.apply(context, values());

    // you likely don't need this - use underscore, jQuery, etc
    function values() {
        var result = [];
        for (var property in context)
            if (context.hasOwnProperty(property))
                result.push(context[property]);
        return result;
    }
}

See http://jsfiddle.net/PRh8t/ for an example. Note that Object.keys is not supported in all browsers.

0 讨论(0)

查看其它8个回答