Comments (3)
1. Is eval
really evil?
“eval is Evil: The eval function is the most misused feature of JavaScript. Avoid it”
Douglas Crockford in JavaScript: The Good Parts
《JS语言精粹》认为 eval
是JS最被误用的特性,要尽量避免使用。但无论同意或驳斥这个观点,首先认识下 eval
。
eval
使用
The
eval()
method evaluates JavaScript code represented as a string.
语法
eval(string) // string 可以是JS表达式,语句,多语句。表达式可以引入变量或存在的对象的属性。
描述
eval
是全局对象的函数属性,参数是字符串。它会解析字符串并执行。如果参数不是字符串,eval
原样返回参数。
eval
特性
共享caller的执行上下文
eval
会共享caller的执行上下文。这意味着eval
中声明的变量可以在当前作用域继续使用,也即影响当前作用域。
function evalLocal() {
console.log(typeof hello);
eval('var hello = \'this is hello.\'; noVar = 1; console.log(hello, noVar);');
console.log(hello, noVar);
console.log(window.hello, window.noVar);
}
// 输出:
// undefined
// this is hello. 1
// this is hello. 1
// undefined 1
有时候,如果想让eval
执行在全局作用域,可以
function evalGlobal() {
console.log(typeof hi);
(0, eval)('var hi = \'this is hi.\'; console.log(hi);');
console.log(hi);
console.log(window.hi);
}
// 输出:
// undefined
// this is hi.
// this is hi.
// this is hi.
依赖JS解释器解析字符串
JavaScript问题集锦里讲过_对象字面值不能正确解析_,这是JS解释器的问题,所以eval
也会有同样问题,可以用解析JSON的例子来看。
var str = '{"x": 1, "y": 2}';
eval(str); // Uncaught SyntaxError: Unexpected token :
// 解决方案
eval('(' + str + ')') // Object {x: 1, y: 2}
eval
缺陷
好,步入重点,来谈谈eval
是不是真的是邪恶的。
通常,我们可以列出下列缺点:
- 需要编译而更慢,此外
eval
会阻止优化编译器去优化代码(因为eval
里的内容会使代码不可预测); eval
恶意脚本的安全问题;- 看起来很丑,可读性差;
- 继承执行上下文,绑定调用它的作用域。
这些看起来很有道理,但并不是绝对的。比如安全性,很多时候只是eval
服务器响应的信息,此时源是可信的,并不会有很大问题。
结论
一句话,说eval
邪恶太绝对,但仍然赞成能不用就不用。
参考
- https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval
- https://javascriptweblog.wordpress.com/2010/04/19/how-evil-is-eval/
from blog.
2. JavaScript中的event loop,macrotask和microtask
详情请看 #21
参考资料:
http://stackoverflow.com/questions/25915634/difference-between-microtask-and-macrotask-within-an-event-loop-context
https://jakearchibald.com/2015/tasks-microtasks-queues-and-schedules/
from blog.
本issue关闭,相关内容并无必要单开一个issue。
from blog.
Related Issues (20)
- JavaScript问题集锦(二) HOT 5
- mark
- 怎么用Vue.js改造(大型)传统PHP网站? HOT 12
- wrong
- 学习与理解 React Fiber HOT 3
- Vue源码解析
- 浏览器的工作原理 HOT 2
- 从零开始学习 Android (笔记) HOT 2
- 三元 vs if else HOT 1
- 每周一读(高质量文章/视频浏览记录) HOT 2
- 算法学习(JavaScript实现) HOT 6
- mobx 学习笔记
- 了解 JavaScript 中的事件循环
- 牛逼 HOT 2
- __proto__
- Web性能指标与相关优化
- webpack runtime 源码分析
- webpack 核心概念和优化指南 HOT 2
- 从浏览器关键渲染路径聊起
- 日常问题记录 HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from blog.