
Doing away with eval()

Hi, sorry for the somewhat basic question. I’ve inherited a site that needs to be modified quickly to bring it compliant with a content security policy.

One of the major issues is the use of eval(). The content of the site is generated dynamically, so elements of a page are listed depending upon the contents of the database. If there are 10 values in the database, then there are 10 elements produced in the page. eval() has been used to carry out actions on each of the 10 elements, passing the number of the element back to carry out that action.

For example, this is simplified, but hopefully gives the idea:

Javascript:

[code]function doSomething(divID)
{
    var loopID = divID;
    eval("document.getElementById('otherField" + loopID + "').innerHTML = 'Display something';");
}[/code]

[code]<div id="field1" onClick="doSomething('1')"></div>
<div id="field2" onClick="doSomething('2')"></div>
<div id="field3" onClick="doSomething('3')"></div>
<div id="field4" onClick="doSomething('4')"></div>

<div id="otherField1"></div>
<div id="otherField2"></div>
<div id="otherField3"></div>
<div id="otherField4"></div>[/code]

In this instance, there are 4 elements each, but could be more or less, hence the use of eval() to display text in the correspondingly numbered element of the other div.

Is there a more robust way this can be done using Javascript, without the security issues of using eval()?

Really appreciate your help,

Thanks.

@Sempervivum Sep 24.2020 — No need for using eval(), this can be done without:
[code]function doSomething(divID)
{
    document.getElementById('otherField' + divID).innerHTML = 'Display something';
}[/code]
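
The handler above removes eval(), but the question's markup still uses inline onClick attributes, which a content security policy also blocks unless script-src allows 'unsafe-inline'. An added example, not part of the thread, of the same behaviour wired from an external script; the data-target attribute and the "fields" container id are assumptions.

```javascript
// Added example; data-target and the "fields" container id are assumed names.
// Markup it pairs with (no onClick attributes):
//   <div id="fields"><div id="field1" data-target="1"></div> ...</div>
//   <div id="otherField1"></div> ...

// Accept only short decimal ids, so a value read from the markup can only
// ever name an element in the otherFieldN family.
function targetIdFor(raw) {
  return /^[0-9]{1,6}$/.test(String(raw)) ? 'otherField' + raw : null;
}

// Same job as doSomething() in the thread; textContent cannot create markup.
function doSomething(doc, rawId) {
  var id = targetIdFor(rawId);
  var el = id ? doc.getElementById(id) : null;
  if (!el) return false;
  el.textContent = 'Display something';
  return true;
}

// One delegated listener covers however many rows the database produced.
function wireFields(doc, container) {
  container.addEventListener('click', function (event) {
    var src = event.target.closest('[data-target]');
    if (src && container.contains(src)) {
      doSomething(doc, src.getAttribute('data-target'));
    }
  });
}

// Runs only in a browser, with this script loaded from an external file.
if (typeof document !== 'undefined') {
  document.addEventListener('DOMContentLoaded', function () {
    var container = document.getElementById('fields');
    if (container) wireFields(document, container);
  });
}
```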

@NogDog Sep 24.2020 — Caveat: I am not a JavaScript expert. However, I'm not seeing any reason for using eval() there. Couldn't you just do something like...
[code]document.getElementById('otherField' + loopID).innerHTML = 'Display something';[/code]

...?

PS: The version posted by Sempervivum while I was typing is even cleaner, so use that. :)

@slioch (author) Sep 24.2020 — < bangs head on desk > Thank you! That does, of course, work. Really appreciate the quick responses. Wondering if I can ask for help with something, along the same lines, then I think I'm good.

Calling a dynamically generated function from some AJAX code. In the example above, there were 4 divs (could be more, could be less), so a function has been created for each element. In the example below, there are 4 functions called "stateChanged" (stateChanged1, 2, 3, 4). How can I do away with the eval() in this instance please?

[code]function showRisks(passedID)
{
    var theID = passedID;

    xmlHttp=GetXmlHttpObject();
    if (xmlHttp==null)
    {
        alert ("Your browser does not support AJAX!");
        return;
    }
    var url="nextPage.cfm?theID=" + theID;
    url=url+"&sid="+Math.random();

    eval("xmlHttp.onreadystatechange=stateChanged" + theID + ";");
    xmlHttp.open("POST",url,true);
    xmlHttp.send(null);
}[/code]


Once again, many thanks in advance.

@Sempervivum Sep 24.2020 — A simple solution would be to use only one function:
[code]function showRisks(passedID)
{
    xmlHttp=GetXmlHttpObject();
    if (xmlHttp==null)
    {
        alert ("Your browser does not support AJAX!");
        return;
    }
    var url="nextPage.cfm?theID=" + passedID;
    url=url+"&sid="+Math.random();

    xmlHttp.onreadystatechange=function() {
        stateChanged(xmlHttp, passedID);
    };
    xmlHttp.open("POST",url,true);
    xmlHttp.send(null);
}[/code]
(again there is no benefit in storing the parameter to another variable).

I added xmlHttp as a parameter as I suspect that the function might use it.

One of your functions stateChanged1, ... can be used as a template for stateChanged but the code will have to be adjusted.

BTW: You better use code tags when posting code: `your code here`

I edited your postings accordingly.

@slioch (author) Sep 24.2020 — Thanks for the tip about the code tags, and the response. I took your answer, and modified it slightly to get what I needed. I just took the contents of the "stateChanged" function, and put it within the "function()" parenthesis you added (was only a simple if statement), and things work as I hoped.

I know it may seem simple, but can't thank you enough for your help. Saves a significant rewrite which I don't have the time, and the capability, given today's performance... :)
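
Where the per-ID functions really do differ and cannot be merged into one stateChanged, an allow-list lookup replaces the eval()-built function name. An added example, not code from the thread: handlers, renderRisks, resolveHandler, buildUrl and the createXhr parameter are hypothetical names, and it goes beyond the thread's case by validating the id before it reaches the URL.

```javascript
// Added example. nextPage.cfm and the sid parameter come from the thread;
// every function and variable name below is hypothetical.

// Explicit table of response handlers. A Map has no inherited keys, so a
// lookup such as "constructor" or "__proto__" finds nothing.
var handlers = new Map();

function renderRisks(xhr, id) {
  // Stand-in for whatever stateChanged1..N did with the response.
  return 'risks ' + id + ': ' + xhr.responseText;
}
handlers.set('risks', renderRisks);

function resolveHandler(name) {
  var fn = handlers.get(String(name));
  if (typeof fn !== 'function') throw new Error('unknown handler: ' + name);
  return fn;
}

function buildUrl(passedID) {
  if (!/^[0-9]{1,6}$/.test(String(passedID))) throw new Error('bad id');
  return 'nextPage.cfm?theID=' + encodeURIComponent(passedID) +
         '&sid=' + Math.random();
}

// createXhr is injected so this runs without a browser; in a page, pass
// function () { return new XMLHttpRequest(); }.
function showRisks(passedID, handlerName, createXhr) {
  var handler = resolveHandler(handlerName); // reject before any request
  var url = buildUrl(passedID);              // reject before any request
  var xhr = createXhr();                     // local: one object per call
  xhr.onreadystatechange = function () {
    if (xhr.readyState === 4 && xhr.status === 200) {
      handler(xhr, passedID);
    }
  };
  xhr.open('POST', url, true);
  xhr.send(null);
  return xhr;
}
```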