eval() is a very useful and easily abused function.
var y = 'prompt("Hi what is your name?","");';
var x = eval(y);
document.write('Hello ' + x);
Sorry to revive a VERY old topic, but it's relevant to my question:
I'm doing pretty much what the rest of this thread is describing. Once I get the readyState == 4 and have my response rendered, I call a function that gets the elements with name "scripts" in my response and then passes the innerHTML to eval.
This works if the innerHTML contains only alert("test"); but the problem is that it also prints the text "alert("test");" to the page, as well as evaluating it. If I wrap it in script tags it no longer prints but doesn't execute either.
What's the right way of executing the script code without printing it to the page?
I got this working by wrapping the script sections in tags and then evaluating only those bits of the response, and then additionally also setting the display style to 'none' to stop it printing. If I don't set it to display:none then the script sections get evaluated by eval AND get printed on the page.
I'm not sure this is the correct way of doing it, but the results are what I need.
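
An added example, not part of the posts above and not the posters' code: it splits the script sections out of the response text before anything is rendered, so nothing is printed, and replaces eval() with a lookup in a fixed table of handlers, so a response can only trigger operations the page already defines. The JSON command format, the handler names and the sample response are assumptions made for illustration.

```javascript
// Added example, not code from the thread. The response format and every
// name here (HANDLERS, splitResponse, runSection, handleResponse) are assumed.

// The only operations a response may trigger; anything else is refused.
const HANDLERS = {
  greet: (name) => `Hello ${name}`,
  setTitle: (title) => `title=${title}`,
};

// Separate displayable markup from script sections so the sections are never
// inserted into the page. The regex keeps this example DOM-free; in a browser,
// DOMParser plus querySelectorAll('script') is the sturdier way to split.
function splitResponse(responseText) {
  const sections = [];
  const markup = responseText.replace(
    /<script\b[^>]*>([\s\S]*?)<\/script\s*>/gi,
    (_match, body) => { sections.push(body.trim()); return ''; }
  );
  return { markup, sections };
}

// Replacement for eval(section): parse the section as data, dispatch by name.
function runSection(section) {
  let cmd;
  try {
    cmd = JSON.parse(section);
  } catch (e) {
    return { ok: false, reason: 'not JSON' }; // e.g. a raw alert("test");
  }
  if (cmd === null || typeof cmd !== 'object') {
    return { ok: false, reason: 'not a command' };
  }
  if (!Object.prototype.hasOwnProperty.call(HANDLERS, cmd.action)) {
    return { ok: false, reason: 'unknown action' };
  }
  const args = Array.isArray(cmd.args) ? cmd.args : [];
  return { ok: true, result: HANDLERS[cmd.action](...args) };
}

function handleResponse(responseText) {
  const { markup, sections } = splitResponse(responseText);
  return { markup, results: sections.map(runSection) };
}

// Constructed sample response: one JSON command, one raw script.
const SAMPLE = '<p>Saved.</p>' +
  '<script type="application/json">{"action":"greet","args":["Ann"]}<\/script>' +
  '<script>alert("test");<\/script>';
```

In the readyState == 4 branch, the returned markup is what gets assigned to the container, and each entry in results reports whether its section was run or refused.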