Hi, sorry for the somewhat basic question. I’ve inherited a site that needs to be modified quickly to bring it compliant with a content security policy.
One of the major issues is the use of eval(). The content of the site is generated dynamically, so elements of a page are listed depending upon the contents of the database. If there are 10 values in the database, then there are 10 elements produced in the page. eval() has been used to carry out actions on each of the 10 elements, passing the number of the element back to carry out that action.
For example, this is simplified, but hopefully gives the idea:
Javascript:
[code]function doSomething(divID)
{
var loopID = divID;
eval(“document.getElementById(‘otherField” + loopID + “‘).innerHTML = ‘Display something’;”);
}
[code]<div id=”field1″ onClick=”doSomething(‘1’)”></div>
<div id=”field2″ onClick=”doSomething(‘2’)”></div>
<div id=”field3″ onClick=”doSomething(‘3’)”></div>
<div id=”field4″ onClick=”doSomething(‘4’)”></div>
<div id=”otherField1″></div>
<div id=”otherField2″></div>
<div id=”otherField3″></div>
<div id=”otherField4″></div>
In this instance, there are 4 elements each, but could be more or less, hence the use of eval() to display text in the correspondingly numbered element of the other div.
Is there a more robust way this can be done using Javascript, without the security issues of using eval().
Really appreciate your help,
Thanks.