Java Script eval() function belong to which Object ? Also execution context is passed on while invoking a eval() function

Question

My Questions regarding eval() function in JavaScript

To which object does eval() belong to ?
We know that all java script code gets a execution context . What execution context does eval() get ?Is it the global execution context ?
Why is eval() called an evil? Is there any case where eval() function can be a life saver ?

https://developer.mozilla.org/en/JavaScript/Reference/Global_Objects/eval — Fabrizio Calderan, Jun 22 '12 at 12:02
http://stackoverflow.com/questions/86513/why-is-using-the-javascript-eval-function-a-bad-idea — 4b0, Jun 22 '12 at 12:15

score 0 · Answer 1 · answered Jun 22 '12 at 12:03

0

When you omit an object you actually call it on the window object. So its window.eval, but since its the default its the same as a global scope.
Eval scope is tricky. Basicly global scope.
Eval is very evil, you allow the user to execute arbitrary code. This is a very scary thing. Especially when it has user input you do not want to use eval. Any malicious user could really give you a bad time.

answered Jun 22 '12 at 12:03

TJHeuvel

@Niklas B . Why do you say that executing malicious code in the browser context is not dangerous ? Isn't the client machine at risk ? – Inquisitive Jun 22 '12 at 12:57
I just found a useful case for eval() inside http://24ways.org/2005/dont-be-eval under the head **What’s it good for?** – Inquisitive Jun 22 '12 at 13:16
@Niklas B By "Javascript environment is user-controlled anyway" ,what did u actually mean ? Can you shed some light on it using examples if possible ? – Inquisitive Jun 22 '12 at 13:19

1 Answers1