eval()

  • Revision slug: JavaScript/Reference/Global_Objects/eval
  • Revision title: eval
  • Revision id: 82203
  • Created:
  • Creator: Nickolay
  • Is current revision? No
  • Comment /* Description */ link [[Downloading_JSON_and_JavaScript_in_extensions]] and add a section about *not* using eval

Revision Content

Summary

Core Function

Evaluates a string of JavaScript code without reference to a particular object.

Syntax

eval(string[, object])

Parameters

string
A string representing a JavaScript expression, statement, or sequence of statements. The expression can include variables and properties of existing objects.
object
Non-standard.
An optional argument; if specified, the evaluation is restricted to the context of the specified object.

Description

eval is a top-level function and is not associated with any object.

The argument of the eval function is a string. If the string represents an expression, eval evaluates the expression. If the argument represents one or more JavaScript statements, eval performs the statements. Do not call eval to evaluate an arithmetic expression; JavaScript evaluates arithmetic expressions automatically.

If you construct an arithmetic expression as a string, you can use eval to evaluate it at a later time. For example, suppose you have a variable x. You can postpone evaluation of an expression involving x by assigning the string value of the expression, say "3 * x + 2", to a variable, and then calling eval at a later point in your script.

If the argument of eval is not a string, eval returns the argument unchanged. In the following example, the String constructor is specified, and eval returns a String object rather than evaluating the string.

eval(new String("2 + 2")); // returns a String object containing "2 + 2"
eval("2 + 2");             // returns 4

You can work around this limitation in a generic fashion by using toString.

var expression = new String("2 + 2");
eval(expression.toString());

You cannot indirectly use the eval function by invoking it via a name other than eval; if you do, a runtime error might occur. For example, you should not use the following code:

var x = 2;
var y = 4;
var myEval = eval;
myEval("x + y");

Don't use eval!

eval() is a dangerous function, which executes the code it's passed with the privileges of the caller. If you run eval() with a string that could be affected by a malicious party, you may end up running malicious code on the user's machine with the permissions of your webpage / extension.

There are safe alternatives to eval() for common use-cases.

Parsing JSON

See Downloading JSON and JavaScript in extensions.

Accessing member properties

You should not use eval to convert property names into properties. Consider the following example. The getFieldName(n) function returns the name of the specified form element as a string. The first statement assigns the string value of the third form element to the variable field. The second statement uses eval to display the value of the form element.

var field = getFieldName(3);
document.write("The field named ", field, " has value of ",
   eval(field + ".value"));

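However, eval is not necessary here. In fact, its use here is discouraged. Instead, use the member operators, which are much faster:

var field = getFieldName(3);
// Look the name up as a property instead of evaluating it as code.
// Assumes the name refers to a property of the global object (window).
document.write("The field named ", field, " has value of ",
   window[field].value);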
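
The two alternatives above (parsing JSON without eval, and looking a property up by name), as an added example that is not part of the original page. It uses the standard JSON.parse and Object.prototype.hasOwnProperty; sideEffects, the sample responses, sampleFields and the function names are constructed for illustration.

```javascript
// Added example; all names and sample inputs below are constructed.
// sideEffects stands in for anything the calling page or extension can reach.
const sideEffects = { ran: false };

// Constructed responses: one is plain JSON, the other smuggles an assignment
// in front of data that looks exactly like the honest response.
const honestResponse = '{"user": "alice"}';
const hostileResponse = 'sideEffects.ran = true, {"user": "alice"}';

// Unsafe: eval executes the whole string with the caller's privileges.
function parseWithEval(text) {
  return eval("(" + text + ")");
}

// Safe: JSON.parse accepts data only and throws SyntaxError on code.
function parseWithJson(text) {
  try {
    return { ok: true, value: JSON.parse(text) };
  } catch (e) {
    return { ok: false, error: e.name };
  }
}

// Constructed stand-in for a form: field name -> element-like object.
const sampleFields = { email: { value: "a@example.test" } };
const hostileName = "email; sideEffects.ran = true";

// Safe: the name is used only as a property key, never parsed as code.
// The own-property check keeps inherited names such as "constructor" out.
function getFieldValue(fields, name) {
  if (!Object.prototype.hasOwnProperty.call(fields, name)) {
    return undefined;
  }
  return fields[name].value;
}

// Runs both parsers on the hostile response and reports what happened.
function compareParsers() {
  sideEffects.ran = false;
  const evalResult = parseWithEval(hostileResponse);
  const evalRanCode = sideEffects.ran;
  sideEffects.ran = false;
  const jsonResult = parseWithJson(hostileResponse);
  return { evalUser: evalResult.user, evalRanCode,
           jsonOk: jsonResult.ok, jsonRanCode: sideEffects.ran };
}

console.log(compareParsers());
```

With eval, the hostile response returns the same object as the honest one, so the caller sees nothing unusual even though the embedded assignment has already run.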

Cross-implementation compatibility

It should be noted that the second optional parameter to eval is non-standard and not supported in all JavaScript implementations; at the time of this writing, for instance, Rhino doesn't support it, nor does Safari's JavaScriptCore.

To maintain compatibility across implementations, it is recommended that the second parameter to eval not be used. To achieve the same effect, the with statement may be used. So rather than using

eval(string, object);

use

with (object) {
  eval(string);
}

Examples

The following examples display output using document.write. In server-side JavaScript, you can display the same output by calling the write function instead of using document.write.

Example: Using eval

In the following code, both of the statements containing eval return 42. The first evaluates the string "x + y + 1"; the second evaluates the string "42".

var x = 2;
var y = 39;
var z = "42";
eval("x + y + 1"); // returns 42
eval(z);           // returns 42 

Example: Using eval to evaluate a string of JavaScript statements

The following example uses eval to evaluate the string str. This string consists of JavaScript statements that open an Alert dialog box and assign z a value of 42 if x is five, and assign 0 to z otherwise. When the second statement is executed, eval will cause these statements to be performed, and it will also evaluate the set of statements and return the value that is assigned to z.

var str = "if (x == 5) {alert('z is 42'); z = 42;} else z = 0; ";
document.write("<P>z is ", eval(str));

Return value

eval returns the value of the last expression evaluated.

var str = "if ( a ) { 1+1; } else { 1+2; }";
var a = true;
var b = eval(str);  // returns 2 
alert("b is : " + b);
a = false;
b = eval(str);  // returns 3
alert("b is : " + b);

See also

  • member operators

Revision Source

<p>
</p>
<h3 name="Summary"> Summary </h3>
<p><b>Core Function</b>
</p><p>Evaluates a string of JavaScript code without reference to a particular object.
</p>
<h3 name="Syntax"> Syntax </h3>
<p><code>
eval(<i>string</i> {{mediawiki.external(', &lt;i&gt;object&lt;/i&gt;')}})
</code>
</p>
<h3 name="Parameters"> Parameters </h3>
<dl><dt> <code>string</code>
</dt><dd> A string representing a JavaScript expression, statement, or sequence of statements. The expression can include variables and properties of existing objects.
</dd><dt> <code>object</code>
</dt><dd> {{wiki.template('Non-standard_inline')}}
</dd><dd> An optional argument; if specified, the evaluation is restricted to the context of the specified object.
</dd></dl>
<h3 name="Description"> Description </h3>
<p><code>eval</code> is a top-level function and is not associated with any object.
</p><p>The argument of the <code>eval</code> function is a string. If the string represents an expression, <code>eval</code> evaluates the expression. If the argument represents one or more JavaScript statements, <code>eval</code> performs the statements. Do not call <code>eval</code> to evaluate an arithmetic expression; JavaScript evaluates arithmetic expressions automatically.
</p><p>If you construct an arithmetic expression as a string, you can use <code>eval</code> to evaluate it at a later time. For example, suppose you have a variable <code>x</code>. You can postpone evaluation of an expression involving <code>x</code> by assigning the string value of the expression, say "<code>3 * x + 2</code>", to a variable, and then calling <code>eval</code> at a later point in your script.
</p><p>If the argument of <code>eval</code> is not a string, <code>eval</code> returns the argument unchanged. In the following example, the <code>String</code> constructor is specified, and <code>eval</code> returns a <code>String</code> object rather than evaluating the string.
</p>
<pre>eval(new String("2 + 2")); // returns a String object containing "2 + 2"
eval("2 + 2");             // returns 4
</pre>
<p>You can work around this limitation in a generic fashion by using <code>toString</code>.
</p>
<pre>var expression = new String("2 + 2");
eval(expression.toString());
</pre>
<p>You cannot indirectly use the <code>eval</code> function by invoking it via a name other than <code>eval</code>; if you do, a runtime error might occur. For example, you should not use the following code:
</p>
<pre>var x = 2;
var y = 4;
var myEval = eval;
myEval("x + y");
</pre>
<h3 name="Don.27t_use_eval.21"> Don't use eval! </h3>
<p><code>eval()</code> is a dangerous function, which executes the code it's passed with the privileges of the caller. If you run <code>eval()</code> with a string that could be affected by a malicious party, you may end up running malicious code on the user's machine with the permissions of your webpage / extension.
</p><p>There are safe alternatives to <code>eval()</code> for common use-cases.
</p>
<h3 name="Parsing_JSON"> Parsing JSON </h3>
<p>See <a href="en/Downloading_JSON_and_JavaScript_in_extensions">Downloading JSON and JavaScript in extensions</a>.
</p>
<h4 name="Accessing_member_properties"> Accessing member properties </h4>
<p>You should not use <code>eval</code> to convert property names into properties.  Consider the following example. The <code>getFieldName(n)</code> function returns the name of the specified form element as a string. The first statement assigns the string value of the third form element to the variable <code>field</code>. The second statement uses <code>eval</code> to display the value of the form element.
</p>
<pre>var field = getFieldName(3);
document.write("The field named ", field, " has value of ",
   eval(field + ".value"));
</pre>
<p>However <code>eval</code> is not necessary here. In fact, its use here is discouraged.  Instead, use the <a href="en/Core_JavaScript_1.5_Reference/Operators/Member_Operators">member operators</a>, which are much faster:
</p>
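<pre>var field = getFieldName(3);
// Look the name up as a property instead of evaluating it as code.
// Assumes the name refers to a property of the global object (window).
document.write("The field named ", field, " has value of ",
   window[field].value);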
</pre>
<h3 name="Cross-implementation_compatibility"> Cross-implementation compatibility </h3>
<p>It should be noted that the second optional parameter to <code>eval</code> is non-standard and not supported in all JavaScript implementations; at the time of this writing, for instance, <a href="en/Rhino">Rhino</a> doesn't support it, nor does Safari's JavaScriptCore.
</p><p>To maintain compatibility across implementations, it is recommended that the second parameter to <code>eval</code> not be used. To achieve the same effect, the <a href="en/Core_JavaScript_1.5_Reference/Statements/with">with statement</a> may be used. So rather than using
</p>
<pre class="eval">eval(<i>string</i>, <i>object</i>);
</pre>
<p>use
</p>
<pre class="eval">with (<i>object</i>) {
  eval(<i>string</i>);
}
</pre>
<h3 name="Examples"> Examples </h3>
<p>The following examples display output using <code>document.write</code>. In server-side JavaScript, you can display the same output by calling the <code>write</code> function instead of using <code>document.write</code>.
</p>
<h4 name="Example:_Using_eval"> Example: Using <code>eval</code> </h4>
<p>In the following code, both of the statements containing <code>eval</code> return 42. The first evaluates the string "<code>x + y + 1</code>"; the second evaluates the string "<code>42</code>".
</p>
<pre>var x = 2;
var y = 39;
var z = "42";
eval("x + y + 1"); // returns 42
eval(z);           // returns 42 
</pre>
<h4 name="Example:_Using_eval_to_evaluate_a_string_of_JavaScript_statements"> Example: Using <code>eval</code> to evaluate a string of JavaScript statements </h4>
<p>The following example uses <code>eval</code> to evaluate the string <code>str</code>. This string consists of JavaScript statements that open an Alert dialog box and assign <code>z</code> a value of 42 if <code>x</code> is five, and assign 0 to <code>z</code> otherwise. When the second statement is executed, <code>eval</code> will cause these statements to be performed, and it will also evaluate the set of statements and return the value that is assigned to <code>z</code>.
</p>
<pre>var str = "if (x == 5) {alert('z is 42'); z = 42;} else z = 0; ";
document.write("&lt;P&gt;z is ", eval(str));
</pre>
<h3 name="Return_value"> Return value </h3>
<p><code>eval</code> returns the value of the last expression evaluated.
</p>
<pre>var str = "if ( a ) { 1+1; } else { 1+2; }";
var a = true;
var b = eval(str);  // returns 2 
alert("b is : " + b);
a = false;
b = eval(str);  // returns 3
alert("b is : " + b);
</pre>
<h3 name="See_also"> See also </h3>
<ul><li><a href="en/Core_JavaScript_1.5_Reference/Operators/Member_Operators">member operators</a>
</li></ul>
<div class="noinclude">
</div>
{{ wiki.languages( { "es": "es/Referencia_de_JavaScript_1.5/Funciones_globales/eval", "fr": "fr/R\u00e9f\u00e9rence_de_JavaScript_1.5_Core/Fonctions_globales/eval", "pl": "pl/Dokumentacja_j\u0119zyka_JavaScript_1.5/Funkcje/eval" } ) }}