In JavaScript I have a var str = ".a long string that contains many lines..." In case of exception that caused by eval(str); I had like to catch it and print the the line number that caused the exception. (the line internal to str..) Is it possible? EDIT As part of the Alligator project (http://github.com/mrohad/Alligator), an applica...
I have a string that stores some variables that must be executed to produce a result, for example: define('RUN_THIS', '\$something.",".$somethingElse'); Which is then eval()-uated: $foo = eval("return ".RUN_THIS.";"); I understand that eval is unsafe if the string that gets evaluated is from user input. However, if for example I wa...
if I am not mistaken eval executes valid code in a given string eval("alert('hey')"); and setTimeout("alert('hey')",1000); does just about the same thing, only with a timer. is set timeout just as risky as eval? ...
I've heard many places that PHP's eval function is often not the answer. In light of PHP 5.3's LSB and closures we're running out of reasons to depend on eval or create_function. Is there is any conceivable cases where eval is the best (only?) answer in PHP 5.3? This question is not about whether eval is evil in general, as it obviousl...
In the legacy codebase that I am working on, there is a condition evaluator which accepts user input to build a condition. This condition is then evaluated at run-time using php eval(). What is the best way to resolve this without using eval. For e.g. I have a condition "1>0" entered by the user in the UI. This has to evaluated and the ...
I want an easy way to do a "calculator api" in python. Right now I don't care much about the exact set of features the calculator is going to support. I want it to receive a string, say "1+1" and return a string with the result, in our case "2". Is there a way to make eval safe for such a thing? For a start I would do env = {} env...
I would like to do something like this from a Ruby script, within a loop: Write a file a.rb (which changes each iteration) execute system(ruby 'a.rb') a.rb writes a string with results to a file 'results' a.rb finishes and Ruby returns 'true' (assuming no errors) the calling script reads the file 'results' and takes action. I expect ...
I have list like: ['name','country_id', 'price','rate','discount', 'qty'] and a string expression like exp = 'qty * price - discount + 100' I want to convert this expression into exp = 'obj.qty * obj.price - obj.discount + 100' as I wanna eval this expression like eval(exp or False, dict(obj=my_obj)) my question is what would b...
I'm building something that includes javascripts on the fly asynchronously, which works, but I'm looking to improve upon the error detection (so all the errors don't just appear to come from some line near the AJAX call that pulls them down. If I'm using eval to evaluate a multiline javascript file, is there any way to trace which line ...
I'm trying to create a bad word filter that throws out tweets that contain any of the words in a provided list, case insensitive. Only problem is that I want to do a simple encoding of the bad word list so that bad words are not downloaded to the client browser. I think the only way I can do it is by eval'ing a regular expression. Only t...
Hi All, I have the following scenario I want to add methods dynamically to a controller. All my method names are in a table . Please refer the following example -table (method_names)- 1 - Walk 2 - Speek 3 - Run and I have a controller class UsersController < ApplicationController def index end end Inside this index act...
Hi everybody, as usual i come here after testing around for hours and not having any clue what i am doing wrong ;-) I am not an javascript expert so i suppose this will cause some rolling eyes ;-) Sorry about that. I am now at a point where i tried to code somehting in a more readable way. Seperating functions in classes etc... What i wa...
I have a binding to an unknown source. All I have is the binding. I have no other way of looking at the bound object. I need to figure out the Type for the bound object, even if the value is null (this is where my problem is). I was evaluating the binding by binding to an object and then using the object as a way to get the Type, but I ...
Is escaping eval variables safe enough from security point of view. For e.g. $path = "a"; //sample value; is generated dynamically $var = "phpinfo()"; //sample attack value; is generated dynamically eval("\$struct$path = \$var;"); this seems to be working safely to me. Although there seems to be no reason of using the code in t...
i am looking for a Javascrit obfuscator tool that dont use eval in resulted obfuscatored code. All tools i saw use eval in resulted code. ...
Hi folks, today, i am defining a set of variables in a hash that I use in various functions all over the model and the controller. From the code below, you see that I am defining functions like get_stats, get_fans to target the exact variable. My question is, would it be possible to define just one function? NOW: REQ={:USER_STATS_I...
To parse JSON, I believe the best method is to use native JSON support in browsers. I was looking for a good way to parse JSON in cases where native JSON support is not available. When i looked at the code in http://www.json.org/json2.js, what i understood was it first checks whether the data is valid JSON using the regex: if (/^[\],:...
I have two files, one containing an array in PHP that is echoed via json_encode, and the other full of javascript functions for a webpage. One such function, that looks like this (and is unfinished): /* * Function: selectVictim * Called from function laserOn() * * Selects a random victim from a list of victims * * @return String: ...
i tried googling but didnt get a very specific answer.. then again, i might be not using the right keywords.. can someone point out the "security" issues javascript eval can cause? with examples with be very nice. will also do if you can point to an existing web resource which does the same. Edit: I only need the security implications f...
Hello, I'm currently using a separate thread in Java that could potentially be used for a lot of different functionality, and I'm wondering if there is a way to pass the command for an actual function call as a parameter. This would look something along the lines of: class myWorkerThread implements Runnable { private (<String/what...