Usage analysis of eval functions in javascript

  • 2020-06-01 08:21:59
  • OfStack

This paper analyzes the usage of eval function in javascript by example. Share with you for your reference. The specific analysis is as follows:

eval() has only one parameter, and if the parameter passed in is not a string, this parameter is returned directly. Otherwise the string is compiled as if it were js code, and a syntax error (SyntaxError) exception is thrown if the compilation fails. If the compilation is successful, the code is executed and the value of the last expression or statement in the string is returned. If the last expression or statement has no value, undefined is eventually returned. If the string throws an exception, the exception passes the call to eval();

Most importantly, eval() USES the variable scope environment that calls it, which is the code that looks up the value of the variable and defines the operation and local scope of the new variable and function.


eval("var x = 100");
eval("var y = 11");
console.log(x * y); //x * y == 1100
eval("function foo(x){return Math.pow(x,x);}");
console.log(foo(5)); // 25

The context in which the eval string is executed is the same as the context in which the function is called, so it cannot be run as part 1 of the function:


var foo = function(a){
  eval(a);
  };
foo("return;");

Because the context in which eval(a) is executed is global, using return in the global context throws a syntax error :return not in function.

eval() has the ability to modify local variables, which is a big problem for the js optimizer. To simplify the implementation of the js interpreter, the ECMAScript3 standard states that no interpreter is allowed to alias eval(), and that if the eval() function is called through an alias, an EvalError exception will be thrown.
In fact, most implementations don't. When invoked through an alias, eval() executes its string as if it were top-level global code. Executing code may define new global variables and global functions, or assign values to global variables, but it cannot use or modify local variables in the main calling function, so it does not affect code optimization within the function.

In ECMAScript5, the attitude is different: against throwing an EvalError exception. In ECMAScript5, when the function eval() is called directly with an unqualified name, it is usually called "direct eval(direct eval)". When eval() is called directly, it is always executed in the context scope in which it was called. Other indirect calls use a global object as their context scope and are unable to read, write, and define local variables and functions. (but what I actually found in the firebug test was that all global variables were modified :()

There are not many scenarios where the actual eval is required to execute code snippets, and it is likely that global eval will be used more often than local eval.

Earlier versions of IE before IE9 were not global eval when eval() was called through an alias, but IE defined a global function of execScript () to do the global eval function (single-core eval() is slightly different, execScript() always returns null).

The ECMAScript5 strict pattern imposes additional restrictions on the behavior of eval functions. In strict mode using eval or eval execution code to "use strict" at the start of the instruction, eval is the local eval private context. In addition, strict mode will eval listed as reserved words, this let eval () more like a operator, will not be covered in 1 individual name eval () function, and variable, function name, function parameters or abnormal capture cannot be named "eval".

I hope this article has been helpful to your javascript programming.


Related articles: