First of all I'm sorry for my little knowledge. I've been researching about the eval function and realized that it is usually recognized as a security fault. Some like it while others hate it, so much so good.
I'm not here asking when to use it or not.
I want to know why it was not removed from JavaScript?
Asked
Active
Viewed 125 times
1
Alexandre Neukirchen
- 2,713
- 7
- 26
- 36
-
1It's mainly because it's rare nowadays to remove backwards compatibility in language, even if something is considered a vulnerability. Things get often obsolete but not deleted from API. For 'evilness', look for @ceejayoz comment. – mwilczynski Dec 03 '16 at 02:11
-
first: eval is 99.9% evil - it has some rare uses. second: why does code supporting IE<9 still exist – Jaromanda X Dec 03 '16 at 02:58
-
It's an important tool that makes sense to include in a dynamic language like JavaScript. I've found perfectly safe uses for it in the past that increased performance by more than 10% in tests. `eval` isn't the problem; people not knowing what they're doing is the problem. This *"because backwards compatibility"* claim that I hear every so often is baseless. If they had any intention of phasing it out, they'd have made it illegal in any strict mode environment. – Dec 03 '16 at 13:00