评估是邪恶的问题
使用 JSlint 验证我的 JavaScript。
我收到一条错误消息,说 eval 是邪恶的!这是为什么?我可以使用其他替代方案吗?
这是我使用 eval 的示例,并且希望找到解决方法。
我有一个像这样的数组:
var Resources = {
message_1: 'Message 1',
message_2: 'Message 2',
message_3: 'Message 3',
message_4: 'Message 4'
};
我有一个函数 (functionResult),它返回一个数字,可以是 1、2、3 或 4。所以我想要在下面的代码行中执行的操作是获取数组中存在消息的资源以我的函数的结果结束。
$('#divPresenter').html(eval($.validator.format('Resources.message_{0}', functionResult)));
有什么想法可以删除 eval 并用其他东西替换吗?
Using JSlint to validate my javascript.
I am getting an error saying eval is evil! Why is this and is there an alternative I can use?
Here is an example of where I am using eval and would like a workaround for it.
I have an array like this:
var Resources = {
message_1: 'Message 1',
message_2: 'Message 2',
message_3: 'Message 3',
message_4: 'Message 4'
};
I have a function (functionResult) that returns a number, either 1, 2, 3 or 4. So what I want to do in the following line of code is get the Resource in the array that there message ends in the result of my function.
$('#divPresenter').html(eval($.validator.format('Resources.message_{0}', functionResult)));
Any ideas how I could remove eval and replace with something else?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(6)
而不是:
只需使用:
JavaScript 中的所有对象实际上都是关联数组(也称为哈希),点语法 (
ab) 只是用于在哈希中查找内容的语法糖 (a[ 'b'])。所以你根本不需要eval;只需将键构建为字符串,然后使用该键查找您的值。Instead of:
just use:
All objects in JavaScript are really associative arrays (aka hashes), and the dot syntax (
a.b) is just syntactic sugar for looking something up in the hash (a['b']). So you don't needevalat all; just build the key as a string, and look up your value using that key.链接
Link
它是邪恶的,因为它允许您将字符串作为代码执行,而谁知道该字符串来自何处或包含什么。
是的,99.9% 的情况下,都有更好的替代方案(具体是什么取决于您使用
eval的目的)。剩下的0.1%的时间,你真的别无选择,只能使用eval,在这种情况下,你需要极其谨慎。It's evil because it lets you execute a string as code, and who knows where that string came from or what it contains.
And yes, 99.9% of the time, there are better alternatives (what exactly these are depends on what you're using
evalfor). The remaining 0.1% of the time, you really have no choice but to useeval, and in such cases, you need to be extremely cautious.JS Lint 融合了 Douglas Crockford 认为的 JavaScript 最佳实践。他强烈反对使用的函数之一是
eval。我相信他认为这是缓慢且不安全的。可能有许多潜在的替代方案,具体取决于所讨论的代码。如果您想发布使用
eval的代码部分,我们可以提供更具体的建议。JS Lint incorporates what Douglas Crockford considers to be the best practices for JavaScript. One of the functions he strongly discourages the use of is
eval. I believe he considers it to be slow and insecure.There could be many potential alternatives, depending on the code in question. If you'd like to post the section of your code which uses
eval, we can give more specific advice.如果您尝试使用 eval 将字符串转换为 JSON 对象,也许可以尝试 JSON 解析器库(我从未使用过它,但看起来很合理)。
If you are trying to use eval to turn strings into JSON objects, perhaps try a JSON parser lib (I've never used it but it looks reasonable).
我不完全清楚你在做什么,但看起来像
$('#divPresenter').html(eval($.validator.format('Resources.message_{0}', functionResult)));可以写成
$('#divPresenter').html(Resources["message_" + functionResult]);I'm not entirely clear on what you're doing, but it looks like
$('#divPresenter').html(eval($.validator.format('Resources.message_{0}', functionResult)));can be written as
$('#divPresenter').html(Resources["message_" + functionResult]);