如何将字符串转换为 Javascript 中的可执行代码行?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/14014371/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How do I convert a string into an executable line of code in Javascript?
提问by Norton Commander
I have the following bit of code
我有以下代码
console.log("I am");
var x = "console.log('Alive!')";
Now I only want to use xto execute the code-string that is assigned to it - I may not even know the value of x for example but simply want to execute it whatever it maybe - is this possible?
现在我只想用来x执行分配给它的代码字符串 - 例如,我什至可能不知道 x 的值,但只想执行它可能的任何事情 - 这可能吗?
回答by Simpal Kumar
回答by Andreas Hagen
What you are looking for is eval(). By passing a string to this function you will evaluate the string as JavaScript code and it will return whatever return-value the code in the string returns.
您正在寻找的是eval(). 通过将字符串传递给该函数,您将把字符串作为 JavaScript 代码求值,并且它将返回字符串中的代码返回的任何返回值。
Be aware when using this function though. You do not want to evaluate any code you do not know is safe to execute. For example, running user-generated code could mess up whatever you are making. While using this in JavaScript on a website this will probably only cause issues on the client-side and hence probably won't be much of a security threat, you would want to be VERY careful when evaluating code on for example a server side.
使用此功能时请注意。您不想评估任何您不知道可以安全执行的代码。例如,运行用户生成的代码可能会弄乱您正在制作的任何内容。在网站上的 JavaScript 中使用它时,这可能只会导致客户端出现问题,因此可能不会构成太大的安全威胁,在评估例如服务器端的代码时,您需要非常小心。
As have been hinted to in other posts here you probably want to make a function instead of an evaluated string if you are in control of the source code that is to be run.
正如在此处的其他帖子中所暗示的那样,如果您可以控制要运行的源代码,则您可能想要创建一个函数而不是评估字符串。
回答by T.J. Crowder
evaland new Functionlet you parse and execute JavaScript code from strings.
eval并new Function让您从字符串解析和执行 JavaScript 代码。
In general, avoid executing code from strings. And neverexecute code from strings where the strings are untrusted input (for instance, if you take input from user A, never use these to evaluate it in a session with user B).
通常,避免从字符串执行代码。并且永远不要从字符串中执行代码,其中字符串是不受信任的输入(例如,如果您从用户 A 获取输入,则永远不要在与用户 B 的会话中使用这些来评估它)。
I see answers here pointing you at eval. evalgrants access to your local variables and such to the code, making it reallypowerful and reallydangerous if you use it with untrusted input.
我看到这里的答案指向你eval。eval授予对您的局部变量等代码的访问权限,如果您将其用于不受信任的输入,它会变得非常强大且非常危险。
Where possible, avoid eval. You can easily avoid it in your case:
在可能的情况下,避免eval. 在您的情况下,您可以轻松避免它:
For instance:
例如:
console.log("I am");
var x = "console.log('Alive!')";
new Function(x)();That code creates a function whose body is the text from x, then immediately executes the function.
该代码创建了一个函数,其主体是来自 的文本x,然后立即执行该函数。
回答by ThiefMaster
What you are looking for is called a function:
您正在寻找的称为函数:
function x() {
console.log('Alive!');
}
If xis already a stringcontaining the code you could use eval(x)to execute it. evalis evil though.
Ifx已经是一个包含可以用来执行它的代码的字符串eval(x)。eval虽然是邪恶的。
回答by user1276919
var x = "console.log('Alive!')";
eval(x)
