For instance:
eval("alert('Hello there!');");
// is just as bad as?
window.location.href = "javascript:alert('Hello there!');void(0);";
Asked
Active
Viewed 905 times
1
auroranil
- 2,621
- 6
- 24
- 34
-
Who are we to judge what's good and what's bad? Yes, it's just as bad. – Julien Lebosquain Nov 09 '12 at 07:55
-
1You killed the sweet ethics of javascript !! No offence ! :) – coolguy Nov 09 '12 at 07:57
-
1I think it's even worse because you add much more overhead. – Johni Nov 09 '12 at 07:56
1 Answers
3
Yeah, that's the same : the string after "javascript:" is evaluated to be executed.
At least the first bad solution is more direct and obvious...
For a more general insight about why eval is evil, I'd redirect you to this other SO question.
But why would you use this kind of things ? It's very very hard to find a legitimate case where it would simplify your code.
Community
- 1
- 1
Denys Séguret
- 372,613
- 87
- 782
- 758