Why is eval unsafe in javascript? [duplicate]

by

The danger of eval only rears its ugly head when you are serving a script written by alice to user bob for bob’s browser to eval.

e.g. if bob enters his password on your page, alice could have written a keylogger in the user input you evaled and arrange for the data to be encoded in a script that bob will (unknowingly) submit to be served to alice. This is, as @Hunter2 has suggested in the comments, an XSS attack.

If you are not serving to other people, you are correct in assuming it is equivalent to firing up firebug

More Related Contents:

  1. Adding one decimal place in javaScript
  2. How to translate a ‘greeting_for’ function from Ruby to Javascript [closed]
  3. Change from (+) symbol to (-) after click (function(){
  4. React setState not updating state
  5. How to parse JSON using Node.js? [closed]
  6. Detect IE version (prior to v9) in JavaScript
  7. Angular 2 optional route parameter
  8. Removing address bar from browser (to view on Android)
  9. Getting Image Dimensions using Javascript File API
  10. comparing 2 strings alphabetically for sorting purposes
  11. how to change the background image of div using javascript?
  12. How can I remove all CSS classes using jQuery/JavaScript?
  13. How to handle window scroll event in Angular 4?
  14. Does JavaScript provide a high resolution timer?
  15. Group by, and sum, and generate an object for each array in JavaScript
  16. How to move all HTML element children to another parent using JavaScript?
  17. how to compare two string dates in javascript?
  18. How to call the same JavaScript function repeatedly while waiting for the function to run its course before invoking it again, using method chaining?
  19. Access variables and functions defined in page context using a content script
  20. How to detect a mobile device using jQuery
  21. Vue js error: Component template should contain exactly one root element
  22. Atom Electron – Close the window with javascript
  23. Sort by image resolution in gallery
  24. Service worker is caching files but fetch event is never fired
  25. Set focus and cursor to end of text input field / string w. Jquery [duplicate]
  26. Wait for callback before continue for loop
  27. Cloud Functions: How to copy Firestore Collection to a new document?
  28. Recursive Promises Not Returning
  29. How does recursive algorithm work for Towers of Hanoi?
  30. Chrome userscript error: “Unsafe JavaScript attempt to access frame”

Leave a Comment