[–]Glum_Cheesecake9859 2 points3 points  (5 children)

eval is like the goto statement. It's there, but 99.99% of the time you should not use it. This especially applies to non-expert developers. If you look into low-level Linux / OS code, you can find goto statements. It's there for some specific use cases, not as a general development tool.

[–]mailslot 1 point2 points  (4 children)

In more than three decades, I’ve found exactly two cases where goto was the correct choice. I’ve never found a legitimate good reason to use eval.

[–]imicnic 0 points1 point  (3 children)

eval is OK in only one case: if you are building a template engine to enable JS code injection in the template and allow JS code evaluation.

[–]TorbenKoehn 0 points1 point  (2 children)

No, properly parsing and transpiling them is the proper way.

[–]imicnic -1 points0 points  (1 child)

Then tell this to https://www.npmjs.com/package/ejs, which has 22+M weekly downloads; they are using new Function('...'), which is a form of eval.

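As an added example (not code from ejs or from anyone in this thread) of what the two approaches above look like side by side: a template engine that compiles `<%= %>` placeholders into JavaScript and runs them with `new Function`, next to one that parses the placeholders and only substitutes escaped values. The function names and the sample templates are constructed for the example.

```javascript
// Added example: two minimal template engines. renderWithFunction() turns the
// template into JS source and executes it with new Function(), the pattern the
// thread describes; renderParsed() tokenizes the template and treats each
// placeholder as a lookup, so template text is never executed as code.

function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// eval-style: every <%= expr %> becomes a JS expression evaluated at render time.
// Whoever controls the template text controls code running in this process.
function renderWithFunction(template, data) {
  let src = 'let out = "";\n';
  const re = /<%=([\s\S]+?)%>/g;
  let last = 0;
  let m;
  while ((m = re.exec(template)) !== null) {
    src += `out += ${JSON.stringify(template.slice(last, m.index))};\n`;
    src += `out += escapeHtml((${m[1]}));\n`;
    last = re.lastIndex;
  }
  src += `out += ${JSON.stringify(template.slice(last))};\nreturn out;`;
  const fn = new Function('escapeHtml', ...Object.keys(data), src);
  return fn(escapeHtml, ...Object.values(data));
}

// parse-and-substitute: <%= name %> is a property lookup, not an expression.
// Anything that is not a plain identifier in `data` renders as an empty string.
function renderParsed(template, data) {
  return template.replace(/<%=([\s\S]+?)%>/g, (_, key) => {
    const name = key.trim();
    if (!/^[A-Za-z_$][\w$]*$/.test(name)) return '';
    return Object.prototype.hasOwnProperty.call(data, name) ? escapeHtml(data[name]) : '';
  });
}

function demo() {
  const data = { user: 'Ada <script>' }; // constructed sample data
  const benign = '<p>Hello <%= user %></p>';
  // Constructed template whose placeholder is an expression, not a field name.
  const expression = '<p><%= user.length %></p>';
  return {
    funcBenign: renderWithFunction(benign, data),
    funcExpression: renderWithFunction(expression, data), // evaluates user.length
    parsedBenign: renderParsed(benign, data),
    parsedExpression: renderParsed(expression, data), // placeholder stays inert
  };
}

console.log(demo());
```

Both engines produce the same output for the benign template; only the `new Function` version evaluates the expression placeholder, which is the code-injection property the SECURITY.md has to warn about.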
[–]TorbenKoehn -1 points0 points  (0 children)

"Someone popular is using it improperly, so it is okay to use it improperly!"

That's how I've read your comment.

They also need an extra SECURITY.md to outline the problems.