JavaScript: How to use eval() safely
This question has an answer here:
- When is JavaScript's eval() not evil? (22 answers)
I'm building a little game, and I've gotten to the point where I need to calculate data in the tips of abilities that are unique to each individual unit. I figured I'm gonna need a formula. I don't know if this is the way it's supposed to be done, but here's what I've come up with:
tip = 'hurls fire ball at enemy, dealing [x] damage.';
formula = '5 * unit.magicpower * abilitylevel';
So each unit's tool tip would use
tip.replace('[x]', eval(formula))
which appears to work fine, but I'm concerned about the safety of this code. It hasn't been just once or twice that I've seen people discouraging the use of it. Are there any potential issues that may occur with the way I'm using eval()?
As long as you control the input to eval, it's safe to use it. The concern comes in when you're using it to process input you don't control. At that point, it becomes unsafe because it's a full JavaScript parser but people try to use it as an expression evaluator (for instance, when parsing JSON from a source they don't control).
The other objection is that it's firing up a full JavaScript parser (and so in theory costly), but frankly, unless you're doing it hundreds of thousands of times in a tight loop, it's not going to matter.
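
If formulas like the one in the question ever come from data the game does not control (mods, save files, a server), a small arithmetic evaluator removes the full-parser risk the answer describes. This is an added example, not part of the original question or answer; `evalFormula`, `sampleScope` and the sample values are assumptions made for illustration.

```javascript
// Added example: evaluate tooltip formulas without eval(). Accepts only numbers,
// + - * /, parentheses and dotted names that exist in `scope`.
function evalFormula(formula, scope) {
  const tokenRe = /\s*(?:(\d+(?:\.\d+)?)|([A-Za-z_]\w*(?:\.[A-Za-z_]\w*)*)|([-+*\/()]))\s*/y;
  const tokens = [];
  for (let pos = 0; pos < formula.length; pos = tokenRe.lastIndex) {
    tokenRe.lastIndex = pos;
    const m = tokenRe.exec(formula);
    if (!m) throw new SyntaxError('Unexpected character at position ' + pos);
    tokens.push({ num: m[1], name: m[2], op: m[3] });
  }
  let i = 0;
  const peekOp = () => (i < tokens.length ? tokens[i].op : undefined);
  function lookup(path) {
    let value = scope;
    for (const key of path.split('.')) {
      // Own properties only, so inherited keys such as `constructor` never resolve.
      if (Object(value) !== value || !Object.prototype.hasOwnProperty.call(value, key))
        throw new ReferenceError('Unknown name: ' + path);
      value = value[key];
    }
    if (typeof value !== 'number') throw new TypeError(path + ' is not a number');
    return value;
  }
  function primary() {
    const t = tokens[i++];
    if (!t) throw new SyntaxError('Unexpected end of formula');
    if (t.num !== undefined) return Number(t.num);
    if (t.name !== undefined) return lookup(t.name);
    if (t.op === '-') return -primary();
    if (t.op !== '(') throw new SyntaxError('Unexpected token ' + t.op);
    const v = expr();
    if (tokens[i] === undefined || tokens[i++].op !== ')') throw new SyntaxError('Expected )');
    return v;
  }
  // One precedence level: operand (operator operand)*, left-associative.
  const level = (ops, next) => () => {
    let v = next();
    while (ops[peekOp()]) v = ops[tokens[i++].op](v, next());
    return v;
  };
  const term = level({ '*': (a, b) => a * b, '/': (a, b) => a / b }, primary);
  const expr = level({ '+': (a, b) => a + b, '-': (a, b) => a - b }, term);
  const result = expr();
  if (i < tokens.length) throw new SyntaxError('Unexpected trailing input');
  return result;
}
// Constructed sample values; the formula string is the one from the question.
const sampleScope = { unit: { magicpower: 12 }, abilitylevel: 3 };
const sampleDamage = evalFormula('5 * unit.magicpower * abilitylevel', sampleScope); // 180
```

To build the tooltip as in the question, pass the result to `tip.replace('[x]', String(evalFormula(formula, scope)))`. Anything that is not plain arithmetic over names in `scope`, such as a function call or a semicolon, is rejected with an exception instead of being executed.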