I'm using eval to assign a dynamic object's properties.
property_name_1 = property1;
property_name_2 = property2;
property_value_1 = 1;
property_value_2 = 2;
var obj = new Object;
eval("obj."+property_name_1+"='"+property_value_1+"'");
eval("obj."+property_name_2+"='"+property_value_2+"'");
Then I'm using this object as post data during an ajax request.
Everything is OK, but as is well known, eval is not a safe function and I should escape property_value_1, property_value_2. For example, property_value_2 = "<a href=''>Yahoo!</a>" will cause an error.
What is the best way to do it?
Thank you
The best way is to not use eval at all:
obj[property_name_1] = property_value_1;
obj[property_name_2] = property_value_2;
If you still want to, you have to escape apostrophes and backslashes to put the values in string literals:
eval("obj." + property_name_1 + "='" + property_value_1.replace(/\\/g,'\\\\').replace(/'/g,"\\'") + "'");
eval("obj." + property_name_2 + "='" + property_value_2.replace(/\\/g,'\\\\').replace(/'/g,"\\'") + "'");
(If you surround the literal string with quotation marks instead of apostrophes, you have to escape quotation marks and backslashes.)
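An added example, not part of either post, that runs the question's eval assignment, the answer's escaped eval and the answer's bracket assignment over the same values. The function names and the multiline and numeric sample values are assumptions made for illustration, and `String()` is added so a non-string value can be escaped.

```javascript
// Added example, not code from the posts above; all function names are hypothetical.

// The question's approach: the value is pasted into source text and parsed.
function setWithEval(obj, name, value) {
  eval("obj." + name + "='" + value + "'");
}

// The answer's fallback: escape backslashes and apostrophes before eval.
function setWithEscapedEval(obj, name, value) {
  const body = String(value).replace(/\\/g, "\\\\").replace(/'/g, "\\'");
  eval("obj." + name + "='" + body + "'");
}

// The answer's recommendation: bracket notation, nothing is parsed as code.
function setDirect(obj, name, value) {
  obj[name] = value;
}

// Run one setter on a fresh object and classify what happened.
function attempt(setter, value) {
  const obj = {};
  try {
    setter(obj, "property2", value);
  } catch (err) {
    return err.name; // "SyntaxError" when the generated source is invalid
  }
  return obj.property2 === value ? "stored" : "altered";
}

// Constructed sample values; the first is the one from the question.
const samples = {
  link: "<a href=''>Yahoo!</a>",
  multiline: "line one\nline two", // a raw newline is illegal inside a '...' literal
  number: 2,                        // the eval versions store the string "2" instead
};

function compare() {
  const rows = {};
  for (const [label, value] of Object.entries(samples)) {
    rows[label] = {
      eval: attempt(setWithEval, value),
      escapedEval: attempt(setWithEscapedEval, value),
      direct: attempt(setDirect, value),
    };
  }
  return rows;
}

console.table(compare());
```

Only the bracket assignment stores every value unchanged; the escaped eval handles the apostrophes but still fails on the newline and changes the number's type.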