no-eval

禁止使用 eval()

JavaScript 的 eval() 函数有潜在的危险,并且经常被误用。对不受信任的代码使用 eval() 会使程序面临多种不同的注入攻击。在大多数情况下,都可以用更好的替代方案取代 eval() 来解决问题。

// eval() parses and runs the concatenated string as code. If `key` ever held
// untrusted input, this line would execute whatever code that input contained.
// Bracket access (obj[key]) reads the same property without evaluating code.
var obj = { x: "foo" },
    key = "x",
    value = eval("obj." + key);

规则详情

此规则旨在通过禁止使用 eval() 函数来防止潜在危险、不必要且缓慢的代码。因此,每当使用 eval() 函数时,它都会发出警告。

此规则的错误代码示例:

/*eslint no-eval: "error"*/

// Direct call: eval is invoked by name, so the evaluated string can read the
// surrounding variables (here `obj`).
var obj = { x: "foo" },
    key = "x",
    value = eval("obj." + key);

// Indirect call: the comma expression yields the eval function itself, which
// is then called. The string is still executed as code.
(0, eval)("var a = 0");

// Aliasing eval and calling the alias is also an indirect call to eval.
var foo = eval;
foo("var a = 0");

// This `this` is the global object.
this.eval("var a = 0");

browser 环境设置为 true 时,此规则的附加错误代码示例:

/*eslint no-eval: "error"*/
/*eslint-env browser*/

// With the browser environment enabled, eval reached through the `window`
// global is reported as well; it is the same eval function under another path.
window.eval("var a = 0");

DIw1ZMQIyBmO7fOei/bot0S+rexS39hdKmJDCf0hS6Ua1zPHgaswqE5Sb/B8QW8TTmD8og+yekT1Z97eWgIO3akKFo3F+6U30U8tWduNGkoe1XlOR3zwLsINLuHRjReYbBYcl2HI5iREg9mhAROstQ==

/*eslint no-eval: "error"*/
/*eslint-env node*/

// With the node environment enabled, eval reached through Node's `global`
// object is reported as well; it is the same eval function under another path.
global.eval("var a = 0");

l5CybcasgWIIuiiIkS6hp94MRfZZmV1dRvM+wxo8v7uhUFQui2PWHfU7qWtBjcxt

/*eslint no-eval: "error"*/
/*eslint-env es6*/

// Bracket access reads the property named by `key` without evaluating any
// string as code, so there is nothing for the rule to report.
var obj = { x: "foo" },
    key = "x",
    value = obj[key];

// Class A declares its own `eval` members, so the `this.eval(...)` calls below
// resolve to those user-defined methods rather than to the global eval.
class A {
    foo() {
        // This is a user-defined method.
        this.eval("var a = 0");
    }

    // User-defined instance method that happens to be named `eval`.
    eval() {
    }

    static {
        // Inside a static block `this` is the class itself, so this calls the
        // user-defined static method eval() declared below.
        this.eval("var a = 0");
    }

    // User-defined static method that happens to be named `eval`.
    static eval() {
    }
}

选项

i/QWu02im19/lo5J+rk5/cpsMpaudL3ZtFgUtUyVvUe0T9CrAWWgJskHwM2Xs9/ccg8cBgDCC4ocr8jZXIgHVVmhneRbi3HXdseDiLcFJBkREGsHJn/HjwVy/pY8gtsJKhJ7p5wUDT55jWzFZgneZm+kjSRf1FuiU3G9Yo1F51jdWUHTA+BIu5wZ66kn8DY4lXNwGG6XpLtSp29nLum6cCCBAKNEjTy8zKjcOPoBd4VzplrHuUqkehUweyZw+asewuvBSGGNg9GJaCZd67qlhqScfZEtZuEVGAYhTy3eUNrI9O9KlUO1upIweJY7aQzFulwutmEXK43Udj+KlJ0sQ2WH2K0HKpEft+MA14k1srlxSlx8ma/DaLZ8g6qgrWPR

{
    // allowIndirect only exempts indirect calls such as (0, eval)(...);
    // direct eval(...) calls are still reported.
    // Indirect eval still executes the string it is given, so it must never
    // receive untrusted input.
    "no-eval": ["error", {"allowIndirect": true}] // default is false
}

s9gPuwwz4zr1XPDUWzqT2nckqX2PmtYLAj/fGGJgfo2YHrXKI/v+ZKn/VjycNBVY9opuFWHsu2qU7pAv7NQVCjhD5L47kRq57Gq/J0Rw+DCfaBB5ONdwMf3MZ/niMfCL

/*eslint no-eval: "error"*/

// Direct call: eval is invoked by name and the string can read the local
// `obj`. Direct calls are still reported when allowIndirect is true.
var obj = { x: "foo" },
    key = "x",
    value = eval("obj." + key);

vLn68i7rFOv8nwd/Nio843UoD0DuWvOVPmlhwbUvXncxsfd1SxLd/jOP3WxdsoYC40rpR26HnsZ+FIcj8yyN6NZKnHj+jtBjnCYB6+nw9u4VFFR0weNee3uyV5dlPy2h

/*eslint no-eval: "error"*/

// Each call below reaches eval indirectly (comma expression, alias, member
// access), which the allowIndirect option permits. The string is still
// executed as code, so none of these forms is safe for untrusted input.
(0, eval)("var a = 0");

var foo = eval;
foo("var a = 0");

// At the top level of a script `this` is the global object, so this is a
// member-access call to the global eval.
this.eval("var a = 0");
/*eslint no-eval: "error"*/
/*eslint-env browser*/

// Indirect call through the browser global `window`; accepted only when the
// allowIndirect option is true.
window.eval("var a = 0");
/*eslint no-eval: "error"*/
/*eslint-env node*/

// Indirect call through Node's `global` object; accepted only when the
// allowIndirect option is true.
global.eval("var a = 0");

已知限制

    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