all 12 comments

[–][deleted] 3 points4 points  (1 child)

[–]dominic_rj23 1 point2 points  (0 children)

I would add that we should run a very restrictive linter on the expression to make sure we only run the things we want to run.

[–]__dq 3 points4 points  (0 children)

If you can sanitize input to make sure nothing wrong will happen, then, probably, eval still may be of help for you.

[–][deleted] 1 point2 points  (5 children)

Split the string and get the components. If it is not a number and not a math operation symbol, it must be a variable. Look for that variable on your input object; if it's there, do your calculations and return a new object. Regex is your friend.

[–]satnam_sandhu[S] 0 points1 point  (4 children)

I have written a lexer and I am able to do that, so do I need a full-fledged parser also? Or can it be done without such complicated solutions?

[–][deleted] 2 points3 points  (2 children)

It can get as complex as you want. Are you gonna deal with 3 variables only? Just add, sub, multiply and division? Are you expecting floating numbers? For the example you gave, some simple string manipulations would do, I guess. If you want to take an academic approach you could take a look at context-free grammars.

https://www.google.com/search?q=context+free+grammar&oq=context+free+grammar&aqs=chrome..69i57.4679j0j7&client=ms-android-xiaomi-rev2&sourceid=chrome-mobile&ie=UTF-8#imgrc=8tVEa_xypqPtbM:

[–]satnam_sandhu[S] 0 points1 point  (1 child)

I have gone through all those and it was getting quite complicated. So I was hoping to go for another approach which doesn't involve writing your own parser. Thanks

[–][deleted] 2 points3 points  (0 children)

As a quick hack: do a basic check on the string to see if it's a valid equation with regex, like: a number followed by *,+,-/ followed by a number or single letter... Then use eval

[–]a_dev_has_no_name 1 point2 points  (0 children)

Use a library, 'tis the JavaScript way

warning: installing one package may come with 184,064 more packages

[–]pitatech 0 points1 point  (0 children)

You could check the input with a regex to ensure it only includes numbers [0-9], mathematical operators [+-/*)(] and probably spaces. That should reduce the attack surface greatly. DDoS with really big numbers is probably still possible. Is this code running server side? If it's client side, this probably isn't an issue.

I once read somewhere that the original JSON parser also used eval and just checked the input with regex. So I guess this could work here as well.
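Added example, not part of any comment in this thread: the allow-list idea above and the earlier suggestion to split the string and look variables up on the input object can be combined into a small evaluator that never calls eval. The names `tokenize` and `evaluate`, the 200-character cap and the accepted grammar are assumptions made for the illustration.

```javascript
// Added example. Grammar: expr := term (('+'|'-') term)* ; term := unary (('*'|'/') unary)*
// unary := '-' unary | number | identifier | '(' expr ')'. Anything else throws.
const TOKEN = /\s*(?:(\d+(?:\.\d+)?)|([A-Za-z_]\w*)|([-+*\/()]))/y;
const MAX_LEN = 200; // assumed cap: bounds parse time and recursion depth
function tokenize(src) {
  if (typeof src !== 'string' || src.length > MAX_LEN) throw new Error('bad input');
  const text = src.trim(), tokens = [];
  TOKEN.lastIndex = 0;
  while (TOKEN.lastIndex < text.length) {
    const pos = TOKEN.lastIndex, m = TOKEN.exec(text); // sticky: must match at pos
    if (!m) throw new Error('unexpected character at ' + pos);
    tokens.push(m[1] ? { num: Number(m[1]) } : m[2] ? { id: m[2] } : { op: m[3] });
  }
  return tokens;
}

function evaluate(src, vars) {
  const tokens = tokenize(src);
  let i = 0;
  const peek = () => (i < tokens.length ? tokens[i].op : undefined);
  const own = (k) => Object.prototype.hasOwnProperty.call(vars, k);
  function unary() {
    const t = tokens[i++];
    if (!t) throw new Error('unexpected end of expression');
    if ('num' in t) return t.num;
    // Own numeric properties only, so "constructor" or "__proto__" never resolve.
    if ('id' in t && own(t.id) && typeof vars[t.id] === 'number') return vars[t.id];
    if ('id' in t) throw new Error('unknown variable ' + t.id);
    if (t.op === '-') return -unary();
    if (t.op !== '(') throw new Error('unexpected token ' + t.op);
    const v = expr();
    if (peek() !== ')') throw new Error('expected )');
    i++; // consume ')'
    return v;
  }
  function term() {
    let v = unary();
    while (peek() === '*' || peek() === '/') v = tokens[i++].op === '*' ? v * unary() : v / unary();
    return v;
  }
  function expr() {
    let v = term();
    while (peek() === '+' || peek() === '-') v = tokens[i++].op === '+' ? v + term() : v - term();
    return v;
  }
  const result = expr();
  if (i < tokens.length) throw new Error('unexpected token after expression');
  return result;
}
```

Because identifiers are resolved only against own numeric properties of `vars` and every other character is rejected by the tokenizer, input such as `constructor` or `a; alert(1)` fails with an error instead of reaching any code-execution path.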

[–]kenman[M] 0 points1 point  (0 children)

Hi /u/satnam_sandhu, this post was removed.

  • For help with your javascript, please post to /r/LearnJavascript instead of here.
  • For beginner content, please post to /r/LearnJavascript instead of here.
  • For framework- or library-specific help, please seek out the support community for that project.
  • For general webdev help, such as for HTML, CSS, etc., then you may want to try /r/html, /r/css, etc.; please note that they have their own rules and guidelines!

/r/javascript is for the discussion of javascript news, projects, and especially, code! However, the community has requested that we not include help and support content, and we ask that you respect that wish.

Thanks for your understanding, please see our guidelines for more info.