Hi there!
How do I execute some Javascript that is a string?
function ExecuteJavascriptString()
{
var s = "alert('hello')";
// how do I get a browser to alert('hello')?
}
Many thanks!
views:
798answers:
9
+16
A:
The eval function will evaluate a string that is passed to it.
But the use of eval can be dangerous, so use with caution.
Edit: annakata has a good point -- Not only is eval dangerous, it is slow. This is because the code to be evaluated must be parsed on the spot, so that will take some computing resources.
coobird
2009-06-02 12:56:07
super dangerous AND slow - you should bold, italic, underline, and h1 that
annakata
2009-06-02 13:00:25
I'm doubtful that it's any slower than loading JavaScript anywhere else on the page, that has to be parsed as well. If it's slower, it it's because it's done in a different scope, which might force to creation of resources for that scope.
altCognito
2009-06-02 13:16:53
+7
A:
Use eval().
You will probably get a lot of warnings about using this safely. do NOT allow users to inject ANYTHING into eval() as it is a huge security issue.
You'll also want to know that eval() has a different scope.
altCognito
2009-06-02 12:56:14
+1
A:
eval(s);
But this can be dangerous if you are taking data from users, although I suppose if they crash their own browser thats their problem.
Unkwntech
2009-06-02 12:56:48
exactly. Eval is dangerous on the server side. On the client... not so much. The user could just type in javascript:someevilcode in to the address of the browser and boom. Eval right there.
Esben Skov Pedersen
2010-01-29 09:28:37
A:
eval(s);
Remember though, that eval is very powerful and quite unsafe. You better be confident that the script you are executing is safe and unmutable by users.
PatrikAkerstrand
2009-06-02 12:57:09
In JS everything can be changed by the user just type "javascript:document.write("Hello World");" into almost any browser's address bar.
Unkwntech
2009-06-02 12:58:16
Yes, but you can make it harder for him by not using global variables, hiding your functions in closures etc. Also, by avoiding eval like the plague =)
PatrikAkerstrand
2009-06-02 13:05:27
+5
A:
With eval(). See:
http://www.devguru.com/Technologies/ecmascript/quickref/eval.html
Lennart
2009-06-02 12:57:26
+3
A:
Use eval as below. Eval should be used with caution, a simple search about "eval is evil" should throw some pointers.
function ExecuteJavascriptString()
{
var s = "alert('hello')";
eval(s);
}
xk0der
2009-06-02 12:58:34
Good tip on that *a simple search about "eval is evil"* Thanks!
Optimal Solutions
2009-06-02 13:27:39
a) don't intend on ever executing javascript in strings, b) write your own "safe" javascript interpreter in javascript, to allow only executing safe code. BTW it's not considered good form on this site to post an answer that's not an answer. Use comments instead.
Jason S
2009-07-24 21:36:57
+1
A:
try this:
var script = "<script type=\"text/javascript\"> content </script>";
//using jquery next
$('body').append(script);//incorporates and executes inmediatelly
//personally i didnt test it. but seems to work.
good look;
camrto
2010-01-29 09:14:40