I have an application script that is working correctly, but I have a few eval() statements in order to make things work. I don't really understand why "eval is evil", as I keep reading, but what I really don't understand is how to avoid using it when it's the only thing that does what I need it to do.

In my script, I have a bunch of products. Each product has its own array of properties. There is also an array of all of the array names. As I run through different functions, these arrays are used to build the page content. The only method I found that works was to do this:

var schedule = {};  
$.each(productNameArray, function (i, name) {
    schedule = eval(name);
    // DO STUFF
});

Simply using name passes a string and does not read the actual array it is meant to reference. Eval makes it work as an object.

So how do I accomplish this without using eval()?

A: 

Eval Evil.

Eval is evil as eval'd code cannot be optimised by JavaScript interpreters and minifiers, which could cause quite a lot of issues because of that (perhaps the interpreter or minifier understands it wrong, or due to the conversion stuffs up the eval'd scope). The other side of the coin is that typically 99% of eval'd code could be rewritten to not use eval - it may require a ton of thinking and problem solving but typically that is the case.

How to avoid using it.

what I really don't understand is how to avoid using it when it's the only thing that does what I need it to do.

Simply using name passes a string and does not read the actual array it is meant to reference. Eval makes it work as an object.

You could use an object to store the variables that you are wanting to reference, and then use obj[name]. However without full code this is just a speculation... which should appear to be suitable.

balupton
I should have constructed objects instead of using arrays and strings in the first place. I'll have to rework it in a ver 2.0. Thanks.
Duffy Dolan
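The `obj[name]` lookup suggested in the answer above, as an added example that is not part of the original thread. The product names and data are constructed, and a `Map` is used in place of a plain object so that inherited keys such as `constructor` do not resolve.

```javascript
// Constructed sample data: these product names and arrays are assumptions.
const products = new Map([
  ["widgetSchedule", ["Mon", "Wed"]],
  ["gadgetSchedule", ["Tue"]],
]);

// Resolve a product by name without evaluating the name as code.
// A Map has no inherited keys ("constructor", "__proto__", ...),
// so only names that were explicitly registered can be found.
function getSchedule(name) {
  if (typeof name !== "string" || !products.has(name)) {
    throw new RangeError("unknown product: " + JSON.stringify(name));
  }
  return products.get(name);
}

// Build content for each requested name. Unknown names are collected
// and reported; with eval(name) they would have been executed instead.
function buildPage(names) {
  const out = { rendered: [], rejected: [] };
  names.forEach(function (name) {
    try {
      const schedule = getSchedule(name);
      out.rendered.push(name + ": " + schedule.join(", "));
    } catch (e) {
      if (!(e instanceof RangeError)) throw e;
      out.rejected.push(name);
    }
  });
  return out;
}

// The last two entries are not registered products: one is an inherited
// object key, the other is a string that eval() would run as statements.
const result = buildPage([
  "widgetSchedule",
  "constructor",
  "gadgetSchedule; doSomethingElse()",
]);
console.log(result);
```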
+1  A: 

What you are doing is parsing a JSON (like) string. That is one of the few cases where eval actually isn't evil.

If you can trust the server 100% from which the data arrives at the client, it's not a real problem at all (talking about security issues with eval).

If that is not the case, you always should avoid using eval() since any code that is evaluated has access to your global window object, cookies, DOM etc. and can be used to spy & send data around.

The second big topic about why eval is evil is performance. eval() is slow when it comes to actually interpreting ECMAScript code. That's, for example, using setTimeout like

setTimeout("myfunction();", 2000); // don't do that

This should always be written like

setTimeout(myfunction, 2000);

Letting JavaScript parse JavaScript has a big performance impact.

jAndy
One way the response from the server can be faked is by modifying your local hosts file. You can never trust what you receive.
balupton
@balupton: That sounds pretty far-fetched. If someone has access to your local machine, he wouldn't try to get access to your browser's JavaScript, but to your kernel mode / Trojan / Whatever.
jAndy
I'm going to stick with what I have, since it does work, but am going to look at using a more object-oriented approach next time. Thanks for the input.
Duffy Dolan