When is JavaScript’s eval() not evil?

I’m writing some JavaScript code to parse user-entered functions (for spreadsheet-like functionality). Having parsed the formula I could convert it into JavaScript and run eval() on it to yield the result. However, I’ve always shied away from using eval() if I can avoid it because it’s evil (and, rightly or wrongly, I’ve always thought it … Read more

Why is using the JavaScript eval function a bad idea?

The eval function is a powerful and easy way to dynamically generate code, so what are the caveats? 25 s 25 Improper use of eval opens up your code for injection attacks Debugging can be more challenging (no line numbers, etc.) eval’d code executes slower (no opportunity to compile/cache eval’d code) Edit: As @Jeff Walden … Read more