Last Updated : 04 Feb, 2025
The eval() function in JavaScript is a powerful but potentially dangerous feature that allows the execution of JavaScript code stored in a string. While eval() can be useful in some cases, its use is generally discouraged due to security risks and performance concerns.
Executing JavaScript Code with eval() JavaScript
let a = 15;
let b = 5;
let oper = "a / b";
let res = eval(oper);
console.log(res);
Recommended Alternative (Avoiding eval()) JavaScript
let a = 15;
let b = 5;
let res = a / b;
console.log(res);
The eval() method evaluates or executes an argument:
Syntax
eval(string)
eval() executes arbitrary code, making it vulnerable to code injection attacks.
unsafe use case:
let input = "alert('Hacked!')";
eval(input); // Executes malicious code2. Performance Issues
let json = '{"city": "Mumbai", "population": 20400000}';
let obj = JSON.parse(json);
console.log(obj.city);
2. Using Function() Constructor
The Function constructor allows evaluating expressions safely.
JavaScript
let fn = new Function("a", "b", "return a + b;");
console.log(fn(10, 20));
3. Using Object Property Access
For dynamic property evaluation, use bracket notation instead of eval().
JavaScript
let obj = { language: "Hindi", spokenBy: "Millions" };
let key = "language";
console.log(obj[key]);
When to Avoid eval()
Avoid eval() in the following scenarios:
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4