0

I'm in a dev console and was asking myself is there a way to execute encrypted text without using eval?

example with eval:

let encrypted = 'Y29uc29sZS5sb2coJ3Rlc3QnKQ==' // (console.log('test') as base64)
eval(window.atob(encrypted))

so could I do that without eval?

Lee Taylor
  • 7,761
  • 16
  • 33
  • 49
Qleii
  • 1
  • 2
  • 1
    You can use the [`Function`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Function/Function) constructor. [Never use `eval()`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval#never_use_eval!) – jabaa May 30 '22 at 23:06
  • @jabaa what do you mean? – Qleii May 30 '22 at 23:10
  • I posted two links. Open them. You usually don't need `eval` and you should not use it. – jabaa May 30 '22 at 23:10
  • 1
    The function constructor isn't much better, though at least it doesn't give access to the scope of the callsite. – Patrick Roberts May 30 '22 at 23:11
  • @PatrickRoberts And it has better performance. – jabaa May 30 '22 at 23:12
  • 2
    `setTimeout` and `setInterval` both accept stringified code for their first parameter. Definitely a bad practice though – Scott May 30 '22 at 23:12
  • 5
    By the way, `encrytped` is misleading because there's no key. Base64 is an encoding, not an encryption. – Patrick Roberts May 30 '22 at 23:15
  • Why are you trying to avoid `eval` in this case? – Bergi May 31 '22 at 00:01
  • 1
    @jabaa Except when it's the right tool, of course :-) OP mentions working in the devtools console, and in that case simplicity might be more important than encapsulation. – Bergi May 31 '22 at 00:07
  • @Bergi Of course. Somehow I didn't process this information. – jabaa May 31 '22 at 00:10

0 Answers0