eval is evil issue

Posted on 2024-09-29 00:20:18

Using JSLint to validate my JavaScript.

I am getting an error saying eval is evil! Why is this and is there an alternative I can use?

Here is an example of where I am using eval and would like a workaround for it.

I have an array like this:

var Resources = {
    message_1: 'Message 1',
    message_2: 'Message 2',
    message_3: 'Message 3',
    message_4: 'Message 4'
};

I have a function (functionResult) that returns a number, either 1, 2, 3 or 4. So what I want to do in the following line of code is get the Resource in the array whose message ends in the result of my function.

$('#divPresenter').html(eval($.validator.format('Resources.message_{0}', functionResult)));

Any ideas how I could remove eval and replace with something else?

Comments (6)

千と千尋 2024-10-06 00:20:18

Instead of:

eval($.validator.format('Resources.message_{0}', functionResult))

just use:

Resources["message_" + functionResult]

All objects in JavaScript are really associative arrays (aka hashes), and the dot syntax (a.b) is just syntactic sugar for looking something up in the hash (a['b']). So you don't need eval at all; just build the key as a string, and look up your value using that key.

∞觅青森が 2024-10-06 00:20:18

Link

In the majority of cases, eval is used
like a sledgehammer swatting a fly --
it gets the job done, but with too
much power. It's slow, it's unwieldy,
and tends to magnify the damage when
you make a mistake.

多像笑话 2024-10-06 00:20:18

It's evil because it lets you execute a string as code, and who knows where that string came from or what it contains.

And yes, 99.9% of the time, there are better alternatives (what exactly these are depends on what you're using eval for). The remaining 0.1% of the time, you really have no choice but to use eval, and in such cases, you need to be extremely cautious.
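Added example (not part of the original thread or any answer's own code): the question's eval pattern beside a data-only lookup, both run on a constructed hostile input. The helper names lookupWithEval and lookupMessage, the sideEffectRan flag, and plain string concatenation standing in for $.validator.format are assumptions made for the illustration.

```javascript
// Constructed sample data mirroring the question's Resources object.
const Resources = {
  message_1: 'Message 1',
  message_2: 'Message 2',
  message_3: 'Message 3',
  message_4: 'Message 4'
};

// Records whether a string handed to eval was executed as code.
let sideEffectRan = false;

// The pattern from the question: the suffix is spliced into source text
// and evaluated, so any expression inside `suffix` runs.
function lookupWithEval(suffix) {
  return eval('Resources.message_' + suffix);
}

// Hardened form (hypothetical helper): the suffix is only ever treated as
// data. It must be an integer, and the resulting key must exist as an own
// property of the table; otherwise the fallback is returned.
function lookupMessage(table, suffix, fallback = '') {
  const n = Number(suffix);
  if (!Number.isInteger(n)) return fallback;
  const key = 'message_' + n;
  return Object.prototype.hasOwnProperty.call(table, key) ? table[key] : fallback;
}

// Constructed hostile input: a valid suffix followed by a second expression.
const hostile = '1, (sideEffectRan = true)';

// Runs both lookups on the hostile input and reports what happened.
function demo() {
  sideEffectRan = false;
  const viaEval = lookupWithEval(hostile); // the injected expression executes
  const evalRan = sideEffectRan;
  sideEffectRan = false;
  const viaLookup = lookupMessage(Resources, hostile, 'Unknown message');
  return { viaEval, evalRan, viaLookup, lookupRan: sideEffectRan };
}

console.log(demo());
```

In the question's line, the eval call would be replaced by lookupMessage(Resources, functionResult) inside the .html(...) call.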

茶色山野 2024-10-06 00:20:18

JS Lint incorporates what Douglas Crockford considers to be the best practices for JavaScript. One of the functions he strongly discourages the use of is eval. I believe he considers it to be slow and insecure.

There could be many potential alternatives, depending on the code in question. If you'd like to post the section of your code which uses eval, we can give more specific advice.

冬天的雪花 2024-10-06 00:20:18

If you are trying to use eval to turn strings into JSON objects, perhaps try a JSON parser lib (I've never used it but it looks reasonable).

溺ぐ爱和你が 2024-10-06 00:20:18

I'm not entirely clear on what you're doing, but it looks like
$('#divPresenter').html(eval($.validator.format('Resources.message_{0}', functionResult)));
can be written as
$('#divPresenter').html(Resources["message_" + functionResult]);
