Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

fnObj = window[functionName] is not a function issue - eval() works well

I'm just overworking my JS code and wish to replace my eval()'s with window[functionName]. So I just made a quick test in the JSFiddle and all works well with the following lines:

var fnName = "Page_test";
var foo = "yammy";
var Page_test = function(bar) {
    return bar;
}
var Obj = window[fnName];
alert(Obj(foo));

(Link to this JSFiddle -> http://jsfiddle.net/juSHj/)

Now I try to replace the following lines of code with the evil eval() with the above concept:

old code: (works like a charm / fired after ajax success)

 ...
 success: function(ret) {
     if(returnFnAjaxForm != "") {
          eval(returnFnAjaxForm+"('"+encodeURI(jQuery.trim(ret))+"')");
     }
 }
 ...

new code:

Returns: Uncaught TypeError: Property 'dummyFn' of object [object Window] is not a function

...
success: function(ret) {
     if(returnFnAjaxForm != "") {
          fnObj = window[returnFnAjaxForm];
          if(typeof(fnObj) == "function") { // this is optional
               fnObj(encodeURI(jQuery.trim(ret)));
          }
     }
} 
...

I'm curious where I made my mistake. Yes the function I try to fire exists and is defined with var . Is this concept may not possible to use it on an ajax-response?

Thanks for any help.

(Using jQuery)

like image 910
wildhaber Avatar asked Jan 18 '13 16:01

wildhaber


People also ask

How to replace eval function?

An alternative to eval is Function() . Just like eval() , Function() takes some expression as a string for execution, except, rather than outputting the result directly, it returns an anonymous function to you that you can call. `Function() is a faster and more secure alternative to eval().

Why is using eval bad?

Code injection- eval() runs string as a code and it is way more easier for hackers to get into privileged information just by the use of eval(). This is a big security threat when a program takes input from the user and is running on the client-side.

Why JSON eval is not recommended for use?

Malicious code : invoking eval can crash a computer. For example: if you use eval server-side and a mischievous user decides to use an infinite loop as their username. Terribly slow : the JavaScript language is designed to use the full gamut of JavaScript types (numbers, functions, objects, etc)… Not just strings!

Is eval slow JavaScript?

eval() is also slower than the alternatives, since it has to invoke the JavaScript interpreter, while many other constructs are optimized by modern JS engines. Additionally, modern JavaScript interpreters convert JavaScript to machine code. This means that any concept of variable naming gets obliterated.


1 Answers

If you declare your function in a closure, it's not a member of window. Example :

var in_window = '132';
alert(window['in_window']); // Alert 132

(function() {
    var not_in_window = '132';
    alert(window['not_in_window']); // Alert undefined
})();

So be careful of where you declare your Page_test variable. If you really want to put in window, you can do window.Page_test = Page_test.

The best you can do is to use an object for all your possible callbacks. Like this :

var callbacks = {
    foo : function() {},
    foo1 : function() {},
    foo2 : function() {},
    foo3 : function() {}
};

var obj = callbacks[fnName];
like image 124
Magus Avatar answered Sep 29 '22 19:09

Magus