Javascript Evaluation Limits

Is there a limit for javascript eval, how long?

I am trying to create an application in which you can store JS code in a database, which you can later download and evaluate in order to execute it, but I am reaching a limit. First of all, the code has to be on one line. Any multiline statements are not executed. Then I reach a limit in length (I think). If I execute the code manually, it works, but when I put the same code in the db, download it via ajax and try to execute it, it fails.

Any ideas why?

+4
3 answers

You can create a JavaScript function that dynamically creates a script tag (createElement('script'), added to the head or body tag) and points it to the source for your application. The src may contain parameters used as a GET request, for example: src="jsapp.aspx?script=myscript&includefunction=loadfn". There is no need for eval. You can even define an onload handler for your new script tag. There is a lot of documentation for this.

You would not even need to use XHR (AKA Ajax).

+1
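Added example, not part of the original answer: a sketch of the script-tag loading described above, with the script name checked against an allow-list and the source pinned to the page's own origin before the element is created. The function names, the allow-list contents and the origins are assumptions; jsapp.aspx and the script parameter come from the answer's sample src.

```javascript
// Added example: load a stored script through a <script> element, not eval().
// ALLOWED_SCRIPTS, the function names and the origins are hypothetical.
const ALLOWED_SCRIPTS = new Set(["myscript", "report"]);

function buildScriptUrl(pageOrigin, endpoint, scriptName) {
  // Only names known in advance may be requested; anything else is refused
  // before it can reach the URL.
  if (!ALLOWED_SCRIPTS.has(scriptName)) {
    throw new Error("script name not on allow-list: " + scriptName);
  }
  // Resolve first, then compare origins: this rejects absolute URLs and
  // protocol-relative endpoints such as "//other.example/x.js".
  const url = new URL(endpoint, pageOrigin);
  if (url.origin !== new URL(pageOrigin).origin) {
    throw new Error("cross-origin script source rejected: " + url.origin);
  }
  url.searchParams.set("script", scriptName); // value is percent-encoded
  return url.href;
}

// doc is the browser's document; it is a parameter so the function can be
// exercised outside a browser with a stand-in object.
function loadStoredScript(doc, pageOrigin, endpoint, scriptName) {
  return new Promise((resolve, reject) => {
    const el = doc.createElement("script");
    // A throw here (bad name, foreign origin) rejects the promise and
    // nothing is appended to the page.
    el.src = buildScriptUrl(pageOrigin, endpoint, scriptName);
    el.onload = () => resolve(el.src);
    el.onerror = () => reject(new Error("failed to load " + el.src));
    doc.head.appendChild(el);
  });
}

// Browser usage:
//   loadStoredScript(document, location.origin, "/jsapp.aspx", "myscript")
//     .then((src) => console.log("loaded", src))
//     .catch((err) => console.error(err.message));
```

The server behind the endpoint still has to validate the script parameter itself; the client-side checks only stop the page from requesting something unexpected.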

You do not need to use eval, and this is not quite what you need to use. You can simply print it on the page and run.

Here is the accepted answer about why you should not use eval:

  • Misuse of eval opens your code for injection attacks.
  • Debugging can be more complicated (no line numbers, etc.).
  • eval'd code runs slower (there is no way to compile / cache eval'd code).

+1

I also came across this. As others have said, eval comes in handy when you create Javascript on the fly, and then want it to run in the browser. My use of this technique is to do small things, such as a simple function that will just make a callback on the server when a button is clicked. Depending on the circumstances, there may be two functions or only one. I also used it to display information that changes from a database. Information is always plain text. Thus, no injection attack can be carried out.

In any case, I also came across this Javascript EVAL restriction, and it seems to me that there is a limit of 1024 characters. When I move on to this, I start getting weird things like eval, just spitting out the source code. This is really obvious, because I am walking around before sending to the browser, so I can have things like single and double quotes in the text, without any problems. (And all the noises help prevent injections.)

I am also a supporter of the man who said to use getScript in jQuery. It works as well as eval without size restrictions. The only additional step you should take is to create a JavaScript file first.

I hope this helps and answers the original poster's question. I believe the size limit is 1024 bytes.

0

Source: https://habr.com/ru/post/1307711/