Git Product home page Git Product logo

Comments (3)

creeperyang avatar creeperyang commented on August 23, 2024

1. Is eval really evil?

“eval is Evil: The eval function is the most misused feature of JavaScript. Avoid it”
Douglas Crockford in JavaScript: The Good Parts

《JS语言精粹》认为 eval是JS最被误用的特性,要尽量避免使用。但无论同意或驳斥这个观点,首先认识下 eval

eval使用

The eval() method evaluates JavaScript code represented as a string.

语法

eval(string) // string 可以是JS表达式,语句,多语句。表达式可以引入变量或存在的对象的属性。

描述

eval是全局对象的函数属性,参数是字符串。它会解析字符串并执行。如果参数不是字符串,eval原样返回参数。

eval特性

共享caller的执行上下文

eval会共享caller的执行上下文。这意味着eval中声明的变量可以在当前作用域继续使用,也即影响当前作用域。

function evalLocal() {
    console.log(typeof hello);
    eval('var hello = \'this is hello.\'; noVar = 1; console.log(hello, noVar);');
    console.log(hello, noVar);
    console.log(window.hello, window.noVar);
}
// 输出:
// undefined
// this is hello. 1
// this is hello. 1
// undefined 1

有时候,如果想让eval执行在全局作用域,可以

function evalGlobal() {
    console.log(typeof hi);
    (0, eval)('var hi = \'this is hi.\'; console.log(hi);');
    console.log(hi);
    console.log(window.hi);
}
// 输出:
// undefined
// this is hi.
// this is hi.
// this is hi.

依赖JS解释器解析字符串

JavaScript问题集锦里讲过_对象字面值不能正确解析_,这是JS解释器的问题,所以eval也会有同样问题,可以用解析JSON的例子来看。

var str = '{"x": 1, "y": 2}';
eval(str); // Uncaught SyntaxError: Unexpected token :

// 解决方案
eval('(' + str + ')') // Object {x: 1, y: 2}

eval缺陷

好,步入重点,来谈谈eval是不是真的是邪恶的。

通常,我们可以列出下列缺点:

  1. 需要编译而更慢,此外eval会阻止优化编译器去优化代码(因为eval里的内容会使代码不可预测);
  2. eval恶意脚本的安全问题;
  3. 看起来很丑,可读性差;
  4. 继承执行上下文,绑定调用它的作用域。

这些看起来很有道理,但并不是绝对的。比如安全性,很多时候只是eval服务器响应的信息,此时源是可信的,并不会有很大问题。

结论

一句话,说eval邪恶太绝对,但仍然赞成能不用就不用。

参考

  1. https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval
  2. https://javascriptweblog.wordpress.com/2010/04/19/how-evil-is-eval/

from blog.

creeperyang avatar creeperyang commented on August 23, 2024

2. JavaScript中的event loop,macrotask和microtask

详情请看 #21

参考资料:

http://stackoverflow.com/questions/25915634/difference-between-microtask-and-macrotask-within-an-event-loop-context
https://jakearchibald.com/2015/tasks-microtasks-queues-and-schedules/

from blog.

creeperyang avatar creeperyang commented on August 23, 2024

本issue关闭,相关内容并无必要单开一个issue。

from blog.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.