I'm just overworking my JS code and wish to replace my eval()
's with window[functionName]
. So I just made a quick test in the JSFiddle and all works well with the following lines:
var fnName = "Page_test";
var foo = "yammy";
var Page_test = function(bar) {
return bar;
}
var Obj = window[fnName];
alert(Obj(foo));
(Link to this JSFiddle -> http://jsfiddle.net/juSHj/)
Now I try to replace the following lines of code with the evil eval()
with the above concept:
old code: (works like a charm / fired after ajax success)
...
success: function(ret) {
if(returnFnAjaxForm != "") {
eval(returnFnAjaxForm+"('"+encodeURI(jQuery.trim(ret))+"')");
}
}
...
new code:
Returns: Uncaught TypeError: Property 'dummyFn' of object [object Window] is not a function
...
success: function(ret) {
if(returnFnAjaxForm != "") {
fnObj = window[returnFnAjaxForm];
if(typeof(fnObj) == "function") { // this is optional
fnObj(encodeURI(jQuery.trim(ret)));
}
}
}
...
I'm curious where I made my mistake. Yes the function I try to fire exists and is defined with var
. Is this concept may not possible to use it on an ajax-response?
Thanks for any help.
(Using jQuery)
An alternative to eval is Function() . Just like eval() , Function() takes some expression as a string for execution, except, rather than outputting the result directly, it returns an anonymous function to you that you can call. `Function() is a faster and more secure alternative to eval().
Code injection- eval() runs string as a code and it is way more easier for hackers to get into privileged information just by the use of eval(). This is a big security threat when a program takes input from the user and is running on the client-side.
Malicious code : invoking eval can crash a computer. For example: if you use eval server-side and a mischievous user decides to use an infinite loop as their username. Terribly slow : the JavaScript language is designed to use the full gamut of JavaScript types (numbers, functions, objects, etc)… Not just strings!
eval() is also slower than the alternatives, since it has to invoke the JavaScript interpreter, while many other constructs are optimized by modern JS engines. Additionally, modern JavaScript interpreters convert JavaScript to machine code. This means that any concept of variable naming gets obliterated.
If you declare your function in a closure, it's not a member of window. Example :
var in_window = '132';
alert(window['in_window']); // Alert 132
(function() {
var not_in_window = '132';
alert(window['not_in_window']); // Alert undefined
})();
So be careful of where you declare your Page_test
variable. If you really want to put in window, you can do window.Page_test = Page_test
.
The best you can do is to use an object for all your possible callbacks. Like this :
var callbacks = {
foo : function() {},
foo1 : function() {},
foo2 : function() {},
foo3 : function() {}
};
var obj = callbacks[fnName];
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With