Open In App

JavaScript eval() Function

Last Updated : 04 Feb, 2025
Comments
Improve
Suggest changes
Like Article
Like
Report

The eval() function in JavaScript is a powerful but potentially dangerous feature that allows the execution of JavaScript code stored in a string. While eval() can be useful in some cases, its use is generally discouraged due to security risks and performance concerns.

Executing JavaScript Code with eval()

JavaScript 
let a = 15;
let b = 5;
let oper = "a / b";
let res = eval(oper);
console.log(res);

Output
3

Recommended Alternative (Avoiding eval())

JavaScript 
let a = 15;
let b = 5;
let res = a / b;
console.log(res);

Output
3

The eval() method evaluates or executes an argument:

  • If the argument is an expression, eval() evaluates it.
  • If the argument contains one or more JavaScript statements, eval() executes them.

Syntax

eval(string)
  • string: A JavaScript expression, variable, statement, or sequence of statements to be executed.
  • Returns the result of the evaluated expression.

Security Risks and Why You Should Avoid eval()

1. Security Vulnerabilities

eval() executes arbitrary code, making it vulnerable to code injection attacks.

unsafe use case:

let input = "alert('Hacked!')";
eval(input); // Executes malicious code

2. Performance Issues

  • eval() forces JavaScript to recompile code at runtime, slowing execution.
  • It prevents JavaScript engines from optimizing code effectively.

Safer Alternatives to eval()

1. Using JSON.parse() for JSON Data

JavaScript 
let json = '{"city": "Mumbai", "population": 20400000}';
let obj = JSON.parse(json);
console.log(obj.city);

2. Using Function() Constructor

The Function constructor allows evaluating expressions safely.

JavaScript 
let fn = new Function("a", "b", "return a + b;");
console.log(fn(10, 20));

3. Using Object Property Access

For dynamic property evaluation, use bracket notation instead of eval().

JavaScript 
let obj = { language: "Hindi", spokenBy: "Millions" };
let key = "language";
console.log(obj[key]);

When to Avoid eval()

Avoid eval() in the following scenarios:

  • Processing user input.
  • Handling JSON data.
  • Accessing object properties dynamically.
  • Running frequently executed code (performance impact).


Next Article
PHP | file_put_contents() Function

S
Shubham_Singh_29
Improve
Article Tags :

Similar Reads

We use cookies to ensure you have the best browsing experience on our website. By using our site, you acknowledge that you have read and understood our Cookie Policy & Privacy Policy
Lightbox