如何清理 JS eval 输入?
a="79 * 2245 + (79 * 2 - 7)";
b="";
c=["1","2","3","4","5","6","7","8","9","0","+","-","/","*"];
for (i=1;i<a.length;i++){
for (ii=1;i<c.length;i++){
b=(a.substring(0,i))+(c[ii])+(a.substring(i+1,a.length));
alert(eval(b.replace(" ","")));
}
}
我需要找出如何制作它,以便当我使用 eval 时,我知道输入不会停止脚本,并且如果它通常会使脚本崩溃,则可以忽略它。我知道 eval 不是一个很好用的函数,但我想要一个快速而简单的方法来解决这个问题。上面的代码尝试输出所有答案以及上面任何数字、符号或空格的所有可能替换。 i 表示它在字符串中经过的距离,ii 表示当前正在检查的符号。 a是原始问题,b是修改后的问题。
a="79 * 2245 + (79 * 2 - 7)";
b="";
c=["1","2","3","4","5","6","7","8","9","0","+","-","/","*"];
for (i=1;i<a.length;i++){
for (ii=1;i<c.length;i++){
b=(a.substring(0,i))+(c[ii])+(a.substring(i+1,a.length));
alert(eval(b.replace(" ","")));
}
}
I need to find out how to make it so that when I use eval, I know that the input will not stop the script, and if it would normally crash the script to just ignore it. I understand that eval is not a good function to use, but I want a quick and simple method by which I can solve this. The above code tries to output all of the answers with all of the possible replacements for any digit, sign or space in the above. i represents the distance through which it has gone in the string and ii represents the symbol that it is currently checking. a is the original problem and b is the modified problem.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
尝试捕获 eval 可能抛出的异常,如下所示:
Try catching the exception eval might throw, like this:
您可以检查一些特殊情况并使用正则表达式等避免某些行为,但是绝对没有办法“如果它通常会崩溃就忽略它”,
这类似于 Mellamokb 提到的停止问题。除了运行脚本之外,没有办法确定脚本运行是否完成。
人们应该非常小心地审查任何进入 eval 的字符串,并尽可能避免用户输入,除了像整数值这样真正简单且可验证的东西。如果您能找到一种完全解决
eval的方法那就更好了。对于计算示例,您展示了最好将其正确解析为标记并从那里开始,而不是以字符串形式进行评估。
PS - 如果您确实想检查
a中的表达式的这些一次性内容,那么尽管存在缺陷,但eval的使用还是有点有趣的。您能解释一下为什么在评估之前立即修剪空白吗?我不认为我能想到会影响结果的情况。对于(至少大多数)有效的表达式来说,它没有什么区别,虽然它可能会改变一些无效的情况,但我想不出它这样做有意义的情况You can check for a few special cases and avoid some behaviors with regex or the like, but there is definitely no way to 'if it would normally crash just ignore it'
That is akin to the halting problem, as mellamokb refers to. And theres no way to know ipositively f a script runs to completion besides running it.
One should be very careful to vet any strings that go to
eval, and keep user input out of them as much as possibl except for real simple and verifiable things like an integer value. If you can find a way aroundevalaltogether than all the better.For the calculation example you show its probably best to parse it properly into tokens and go from there rather than evaluate in string form.
PS - if you really want to check out these one-off's to the expression in
a, it is a somewhat interesting use ofevaleespite its faults. cam you explain why you are trimming the whitespace imediately before evaluation? i dont believe i can think of a situation where it effects the results. for (at least most) valid expressions it makes no difference, and while it might alter some of the invalid cases i cant think of a case where it does so meaningfully