Shopping Cart

No products in the cart.

Quality Clouds Community
Quality Clouds Community
View Categories

JavaScript – Avoid Use Of Eval Function

Table of Contents
Impact Area

Security

Severity

High

Affected Element

All

Rule number

SN-0107

Impact #

The eval() function evaluates or executes an argument. Improper use of eval() opens up your code for injection attacks and debugging can be more challenging, as no line numbers are displayed with an error.

Remediation #

Avoid the use of eval. It encourages the use of untrusted code. If you must execute arbitrary code, use GlideScriptEvaluator which ensures it came from a record.

Time to fix

30 min

Code examples #

Noncompliant code

let value = eval(‘obj.’ + propName);

Compliant code

let value = eval(gs.getProperty(‘variableWhichHoldsSafeCode’));

What are your Feelings

Powered by BetterDocs

Report

Harassment or bullying behavior
Contains mature or sensitive content
Contains misleading or false information
Contains abusive or derogatory content
Contains spam, fake content or potential malware

Block Member?

Please confirm you want to block this member.

You will no longer be able to:

  • See blocked member's posts
  • Mention this member in posts
  • Invite this member to groups

Please allow a few minutes for this process to complete.

Report

You have already reported this .