eval() - JavaScript
it is far too easy for a bad actor to run arbitrary code when you use eval().
... see never use eval()!, below.
... the eval() function evaluates javascript code represented as a string.
uneval() - JavaScript
the uneval() function creates a string representation of the source code of an object.
... description uneval() is a top-level function and is not associated with any object.
Downloading JSON and JavaScript in extensions - Archive of obsolete content
once the content has been downloaded, the extension authors proceed to use eval() to decode the string content into javascript objects.
... downloading json if the extension is downloading json, then the developer should be using one of the json decoding methods discussed here and not using eval() at all.
...use the json decoders, not eval()!
Appendix C: Avoiding using eval in Add-ons - Archive of obsolete content
if it cannot be easily proven that an eval() call is benign and necessary because there are no viable alternatives, a mozilla add-ons gallery reviewer will generally reject the submission!
... overriding/extending/amending existing objects (or object properties) again, you might be tempted to uneval(), string replace and eval() existing objects to override them (or at least some properties).
... myaddon.phrases["word" + word] = "phrase"; if there is no way around eval()...
Functions - JavaScript
for example, the following function definition defines myfunc only if num equals 0: var myfunc; if (num === 0) { myfunc = function(theobject) { theobject.make = 'toyota'; } } in addition to defining functions as described here, you can also use the function constructor to create functions from a string at runtime, much like eval().
...thus, in the following code, the this within the function that is passed to setinterval has the same value as this in the enclosing function: function person() { this.age = 0; setinterval(() => { this.age++; // |this| properly refers to the person object }, 1000); } var p = new person(); predefined functions javascript has several top-level, built-in functions: eval() the eval() method evaluates javascript code represented as a string.
... uneval() the uneval() method creates a string representation of the source code of an object.
Index - Archive of obsolete content
once the content has been downloaded, the extension authors proceed to use eval() to decode the string content into javascript objects.
... 2070 object.prototype.eval() javascript, method, object, obsolete the object.eval() method used to evaluate a string of javascript code in the context of an object, however, this method has been removed.
jsdIStackFrame
makes eval() use the last object on its 'obj' param's scope chain as the ecma 'variables object'.
... methods eval() evaluate arbitrary javascript in this stack frame.
Using Web Workers - Web APIs
so for example, suppose a document is served with the following header: content-security-policy: script-src 'self' among other things, this will prevent any scripts it includes from using eval().
... however, if the script constructs a worker, code running in the worker's context will be allowed to use eval().
CSP: script-src - HTTP
'unsafe-eval' allows the use of eval() and similar methods for creating code from strings.
...if 'unsafe-eval' isn't specified with the script-src directive, the following methods are blocked and won't have any effect: eval() function() when passing a string literal like to methods like: window.settimeout("alert(\"hello world!\");", 500); window.settimeout window.setinterval window.setimmediate window.execscript (ie < 11 only) strict-dynamic the 'strict-dynamic' source expression specifies that the trust explicitly given to a script present in the markup, by accompanying it with a nonce or a h...
Property accessors - JavaScript
eval javascript novices often make the mistake of using eval() where the bracket notation can be used instead.
... x = eval('document.forms.form_name.elements.' + strformcontrol + '.value') eval() is slow and should be avoided whenever possible.
Modules - Archive of obsolete content
the use of eval() will probably not be of concern because it is only being used on the exported_symbols array which should not depend on user input.
E4X for templating - Archive of obsolete content
0]}</description>, function _else () <label>no data</label> )} note that the simple xmllist() constructor (<></>) may be useful to still be able to use an expression closure (i.e., without needing return statements and braces): {_if(elems.length(), function () <> <markup/> <markup/> </>)} note that, while it is convenient to store such e4x in separate file templates (to be eval()d at a later time, taking into account security considerations, such as escaping with the above), e4x content using such functions can also be easily serialized inline (and then perhaps converted to the dom) as needed: var list = <>{_if(elems.length(), function () <> <markup/> <markup/> </>)}</>.toxmlstring(); iterating functions such as the following foreach (which can work with ...
New in JavaScript 1.4 - Archive of obsolete content
new features in javascript 1.4 exception handling (throw and try...catch) in operator instanceof operator changed functionality in javascript 1.4 eval() changes (cannot be called indirectly and no longer a method of object) arguments not a property of functions deprecated function.arity in favor of function.length changes to liveconnect ...
Archived JavaScript Reference - Archive of obsolete content
count of enumerable properties on the object, but it has been removed.
object.prototype.__nosuchmethod__ the __nosuchmethod__ property used to reference a function to be executed when a non-existent method is called on an object, but this function is no longer available.
object.prototype.__parent__ the __parent__ property used to point to an object's context, but it has been removed.
object.prototype.eval() the object.eval() method used to evaluate a string of javascript code in the context of an object, however, this method has been removed.
object.prototype.unwatch() the unwatch() method removes a watchpoint set with the watch() method.
object.prototype.watch() the watch() method watches for a property to be assigned a value and runs a function when that occurs.
object.unobserve() the object.unobserve() ...
JSPrincipals
these functions ensure that the given jsprincipals object is indelibly associated not only with the script being compiled or evaluated, but with all functions ever created by that script or code eval()-ed by it.
JS_GetSecurityCallbacks
op checkobjectaccess; // obsolete since jsapi 29 jsprincipalstranscoder principalstranscoder; // obsolete since jsapi 13 jsobjectprincipalsfinder findobjectprincipals; // obsolete since jsapi 13 }; name type description contentsecuritypolicyallows jscspevalchecker a pointer to the function which checks if a csp instance wants to disable eval() and friends.
SpiderMonkey 1.8
two new context options can be used with js_setoptions: jsoption_relimit, which causes extremely long-running regular expression searches to fail with an error, and jsoption_anonfunfix, which bans anonymous functions from appearing anyplace where a statement could appear, such as in the argument to eval().
Index
makes eval() use the last object on its 'obj' param's scope chain as the ecma 'variables object'.
Index - Firefox Developer Tools
120 debug eval sources you can debug javascript code that is evaluated dynamically, either as a string passed to eval() or as a string passed to the function constructor.
CSP: base-uri - HTTP
'unsafe-eval' allows the use of eval() and similar methods for creating code from strings.
CSP: child-src - HTTP
'unsafe-eval' allows the use of eval() and similar methods for creating code from strings.
CSP: font-src - HTTP
'unsafe-eval' allows the use of eval() and similar methods for creating code from strings.
CSP: frame-src - HTTP
'unsafe-eval' allows the use of eval() and similar methods for creating code from strings.
CSP: img-src - HTTP
'unsafe-eval' allows the use of eval() and similar methods for creating code from strings.
CSP: media-src - HTTP
'unsafe-eval' allows the use of eval() and similar methods for creating code from strings.
CSP: object-src - HTTP
'unsafe-eval' allows the use of eval() and similar methods for creating code from strings.
CSP: style-src - HTTP
'unsafe-eval' allows the use of eval() and similar methods for creating code from strings.
CSP: worker-src - HTTP
'unsafe-eval' allows the use of eval() and similar methods for creating code from strings.
Error.prototype.stack - JavaScript
ple.html:19 @file:///c:/example.html:21 firefox 13 and earlier would instead produce the following text: error("myerror")@:0 trace()@file:///c:/example.html:9 b(3,4,"\n\n",(void 0),[object object])@file:///c:/example.html:16 a("first call, firstarg")@file:///c:/example.html:19 @file:///c:/example.html:21 stack of eval'ed code starting with firefox 30, the error stack of code in function() and eval() calls, now produces stacks with more detailed information about the line and column numbers inside these calls.
Error - JavaScript
evalerror creates an instance representing an error that occurs regarding the global function eval().
String - JavaScript
let s_prim = 'foo' let s_obj = new string(s_prim) console.log(typeof s_prim) // logs "string" console.log(typeof s_obj) // logs "object" string primitives and string objects also give different results when using eval().
globalThis - JavaScript
you can also use function('return this')(), but environments that disable eval(), like csp in browsers, prevent use of function in this way.
Standard built-in objects - JavaScript
eval() uneval() isfinite() isnan() parsefloat() parseint() encodeuri() encodeuricomponent() decodeuri() decodeuricomponent() deprecated escape() unescape() fundamental objects these are the fundamental, basic objects upon which all other objects are based.
Strict mode - JavaScript
all these attempts to do so are syntax errors: 'use strict'; eval = 17; arguments++; ++eval; var obj = { set p(arguments) { } }; var eval; try { } catch (arguments) { } function x(eval) { } function arguments() { } var y = function eval() { }; var f = new function('arguments', "'use strict'; return 17;"); second, strict mode code doesn't alias properties of arguments objects created within it.
JavaScript reference - JavaScript
value properties infinity nan undefined globalthis function properties eval() isfinite() isnan() parsefloat() parseint() decodeuri() decodeuricomponent() encodeuri() encodeuricomponent() fundamental objects object function boolean symbol error objects error aggregateerror evalerror internalerror rangeerror referenceerror syntaxerror typeerror urierror numbers & dates number bigint math date text processing string regexp indexed collections array int8arra...