0

Can anyone suggest a reason why this may be better or worse than using eval() for AJAX calls? I think I found a Google-related page that advocated it over eval(), since eval runs in the global scope whereas the function's contents here don't.

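```javascript
// Response text is compiled as a function body and executed (the pattern being asked about)
var str = '{a: 90, b: 99}';
var callback = new Function('return ' + str);
var obj = callback();
```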
Richard

1 Answer

3

It is effectively eval with messier syntax. It has all the drawbacks of eval.

The function body will still have access to the global scope. It is still slow. Bad data will throw exceptions. Untrusted data can utilise XSS.

Quentin
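As an added example (not part of the question or the answer above), the following runs the question's `new Function` pattern next to `JSON.parse` on a few constructed response strings, showing the global-scope access, the exceptions on bad data, and the code execution the answer describes. The helper names, the `sideEffect` marker and all sample strings are assumptions made for illustration.

```javascript
// Added example; sample inputs are constructed, helper names are hypothetical.

// The pattern from the question: the response text is compiled and run as code.
function parseWithFunction(text) {
  return new Function('return ' + text)();
}

// Data-only alternative: JSON.parse never executes its input.
function parseWithJson(text) {
  try {
    return { ok: true, value: JSON.parse(text) };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// Runs one input through both parsers and records whether any code executed.
function compare(text) {
  globalThis.sideEffect = false; // marker that an executing response would flip
  let viaFunction;
  try {
    viaFunction = { ok: true, value: parseWithFunction(text) };
  } catch (err) {
    viaFunction = { ok: false, error: err.name };
  }
  const ranCode = globalThis.sideEffect === true;
  globalThis.sideEffect = false;
  const viaJson = parseWithJson(text);
  const jsonRanCode = globalThis.sideEffect === true;
  return { viaFunction, viaJson, ranCode, jsonRanCode };
}

const samples = {
  strictJson: '{"a": 90, "b": 99}',
  questionLiteral: '{a: 90, b: 99}',      // object literal, not valid JSON
  readsGlobal: 'typeof globalThis.JSON',  // function body can see global scope
  sideEffect: '(globalThis.sideEffect = true, {"a": 1})', // expression, not data
  malformed: '{"a": 90,',                 // truncated response
};

for (const [name, text] of Object.entries(samples)) {
  console.log(name, JSON.stringify(compare(text)));
}
```

Note that the question's own string uses unquoted keys, so it is rejected by `JSON.parse`; a server feeding a client that uses `JSON.parse` has to emit strict JSON.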