12

If I am not mistaken, eval executes valid code in a given string:

    eval("alert('hey')");

and

    setTimeout("alert('hey')", 1000);

does just about the same thing, only with a timer. Is setTimeout just as risky as eval?

demongolem
Abdullah Khan
  • 3
    Good question :) And I guess the answer is yes. More here: http://stackoverflow.com/questions/197769/when-is-javascripts-eval-not-evil – mplungjan Aug 16 '10 at 09:41

2 Answers

20

I'd say you hear the same objections. setTimeout (with string and not function parameters) is pretty much the same as eval.

If possible,

    setTimeout(function () { alert("hey"); }, 1000);

Thilo
  • No reason it shouldn't be possible – Dexygen Aug 16 '10 at 09:45
  • 8
    +1 for providing an example of the proper use of `setTimeout`. The ability to pass a string argument has probably done more harm than good to how people use JavaScript. – David Hedlund Aug 16 '10 at 09:46
  • +1 Looks like my code needs some security changes ;) thanks, hmm I was not exactly aware that you can use timeouts this way as well hmmm – Abdullah Khan Aug 16 '10 at 09:46
4

Because when people say "eval", they mean "eval and any function that is more or less equivalent to eval", but the former is much shorter to say. So the answer to your question is yes, it is as risky.

erikkallen
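
An added illustration, not part of either answer: this Node.js sketch models a browser timer queue to show why a string handler behaves like eval, while the function form from the first answer keeps input as data. The names `makeTimerQueue`, `page`, `greetWithStringTimer`, `greetWithFunctionTimer` and the sample input are constructed for this example; Node's own setTimeout rejects strings, so the browser behaviour is modelled with `new Function`.

```javascript
// Added example: model of a browser timer queue (all names are hypothetical).
// Node's own setTimeout rejects strings, so the browser rule is modelled:
// a function handler is called, a string handler is compiled as code.
function makeTimerQueue(page) {
  const pending = [];
  return {
    setTimeout(handler, delayMs) {
      pending.push({ handler, delayMs });
    },
    // Fire all pending timers in delay order (synchronously, for the demo).
    runAll() {
      pending.sort((a, b) => a.delayMs - b.delayMs);
      for (const { handler } of pending.splice(0)) {
        if (typeof handler === "function") {
          handler();
        } else {
          // String form: the text becomes program code, as with eval.
          // `page` stands in for state such code can reach in a browser.
          new Function("page", String(handler))(page);
        }
      }
    },
  };
}

// Risky pattern: untrusted text is concatenated into the code string.
function greetWithStringTimer(userName) {
  const page = { greeting: null, isAdmin: false };
  const timers = makeTimerQueue(page);
  timers.setTimeout("page.greeting = 'Hello " + userName + "';", 1000);
  timers.runAll();
  return page;
}

// Function form: the input stays data inside the closure.
function greetWithFunctionTimer(userName) {
  const page = { greeting: null, isAdmin: false };
  const timers = makeTimerQueue(page);
  timers.setTimeout(function () { page.greeting = "Hello " + userName; }, 1000);
  timers.runAll();
  return page;
}

// Constructed input: the quote character ends the string literal early.
const constructedInput = "x'; page.isAdmin = true; '";
console.log(greetWithStringTimer(constructedInput));
console.log(greetWithFunctionTimer(constructedInput));
```

With the string handler the input changes `page.isAdmin`; with the function handler the same input only ends up inside the greeting text.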