Javascript 替代 eval()
Javascript alternative of eval()
eval() 完全符合我的要求,但是当我查看 MDN 中的文档时,它说
Do not ever use eval!
eval() is a dangerous function, which executes the code it's passed with the privileges of the caller. If you run eval() with a string that could be affected by a malicious party, you may end up running malicious code on the user's machine with the permissions of your webpage / extension. More importantly, a third-party code can see the scope in which eval() was invoked, which can lead to possible attacks in ways to which the similar Function is not susceptible.
eval() is also slower than the alternatives, since it has to invoke the JS interpreter, while many other constructs are optimized by modern JS engines.
Additionally, modern javascript interpreters convert javascript to machine code. This means that any concept of variable naming gets obliterated. Thus, any use of eval will force the browser to do long expensive variable name lookups to figure out where the variable exists in the machine code and set it's value. Additonally, new things can be introduced to that variable through eval() such as changing the type of that variable, forcing the browser to reevaluate all of the generated machine code to compensate. However, there (thankfully) exists a very good alternative to eval: simply using window.Function. As an example of how you convert code using evil eval() to using Function().
对我来说什么是更好的选择。我的代码是这样的:
let aCount=0;
let bCount=0;
addCount=(option)=>{ //option either a or b
const choice=eval(option+"Count"); // then combine to aCount or bCount
choice++;
}
addCount(a);//aCount=1;
addCount(a);//aCount=2;
addCount(b);//bCount=1;
addCount(b);//bCount=2;
我之前尝试过 window[variable],但它没有 return 值
我不能做
const choice=window[option+"Count"]
它将 return 未定义。
而且我需要多次调用 choice,所以我无法重复 window[variable].
除此之外"eval",你的示例代码还有一些错误,我就不解释了。
现在我们关注您示例中的 "eval"。如果你这样做了,你会发现它根本不起作用。您只能像 eval(option + "Count++") 那样执行此操作,而不是将 aCount/bCount 的值分配给 (CONST!) 变量,然后增加该变量。以下代码存在逻辑问题:
let c = aCount;
c++; // aCount not changed
在我看来,您可以在某些特殊情况下使用 "eval",只要传入 "eval" 的代码是绝对可信的。在您的示例代码中,它对应于此规则。 (然而,除了安全性,"eval" 还存在性能问题。)
当然,您还有其他更好的选择来避免使用"eval"。例如,使用 if/else 或 switch/case:
addCount=(option)=>{
if (option === 'a') aCount++;
else if (option === 'b') bCount++;
}
或者,您可以使用一个对象来保存所有变量:
let obj = {aCount: 0, bCount: 0};
addCount=(option)=>{
obj[option + "Count"]++;
}
eval() 完全符合我的要求,但是当我查看 MDN 中的文档时,它说
Do not ever use eval! eval() is a dangerous function, which executes the code it's passed with the privileges of the caller. If you run eval() with a string that could be affected by a malicious party, you may end up running malicious code on the user's machine with the permissions of your webpage / extension. More importantly, a third-party code can see the scope in which eval() was invoked, which can lead to possible attacks in ways to which the similar Function is not susceptible.
eval() is also slower than the alternatives, since it has to invoke the JS interpreter, while many other constructs are optimized by modern JS engines.
Additionally, modern javascript interpreters convert javascript to machine code. This means that any concept of variable naming gets obliterated. Thus, any use of eval will force the browser to do long expensive variable name lookups to figure out where the variable exists in the machine code and set it's value. Additonally, new things can be introduced to that variable through eval() such as changing the type of that variable, forcing the browser to reevaluate all of the generated machine code to compensate. However, there (thankfully) exists a very good alternative to eval: simply using window.Function. As an example of how you convert code using evil eval() to using Function().
对我来说什么是更好的选择。我的代码是这样的:
let aCount=0;
let bCount=0;
addCount=(option)=>{ //option either a or b
const choice=eval(option+"Count"); // then combine to aCount or bCount
choice++;
}
addCount(a);//aCount=1;
addCount(a);//aCount=2;
addCount(b);//bCount=1;
addCount(b);//bCount=2;
我之前尝试过 window[variable],但它没有 return 值 我不能做
const choice=window[option+"Count"]
它将 return 未定义。 而且我需要多次调用 choice,所以我无法重复 window[variable].
除此之外"eval",你的示例代码还有一些错误,我就不解释了。
现在我们关注您示例中的 "eval"。如果你这样做了,你会发现它根本不起作用。您只能像 eval(option + "Count++") 那样执行此操作,而不是将 aCount/bCount 的值分配给 (CONST!) 变量,然后增加该变量。以下代码存在逻辑问题:
let c = aCount;
c++; // aCount not changed
在我看来,您可以在某些特殊情况下使用 "eval",只要传入 "eval" 的代码是绝对可信的。在您的示例代码中,它对应于此规则。 (然而,除了安全性,"eval" 还存在性能问题。)
当然,您还有其他更好的选择来避免使用"eval"。例如,使用 if/else 或 switch/case:
addCount=(option)=>{
if (option === 'a') aCount++;
else if (option === 'b') bCount++;
}
或者,您可以使用一个对象来保存所有变量:
let obj = {aCount: 0, bCount: 0};
addCount=(option)=>{
obj[option + "Count"]++;
}