JavaScript eval() Function (original) (raw)

Last Updated : 04 Feb, 2025

The eval() function in JavaScript is a powerful but potentially dangerous feature that allows the execution of JavaScript code stored in a string. While eval() can be useful in some cases, its use is generally discouraged due to security risks and performance concerns.

Executing JavaScript Code with eval()

JavaScript `

let a = 15; let b = 5; let oper = "a / b"; let res = eval(oper); console.log(res);

`

JavaScript `

let a = 15; let b = 5; let res = a / b; console.log(res);

`

The eval() method evaluates or executes an argument:

**Syntax

eval(string)

Security Risks and Why You Should Avoid eval()

1. Security Vulnerabilities

eval() executes arbitrary code, making it vulnerable to code injection attacks.

**unsafe use case:

let input = "alert('Hacked!')"; eval(input); // Executes malicious code

2. Performance Issues

Safer Alternatives to eval()

1. Using JSON.parse() for JSON Data

JavaScript `

let json = '{"city": "Mumbai", "population": 20400000}'; let obj = JSON.parse(json); console.log(obj.city);

`

2. Using Function() Constructor

The Function constructor allows evaluating expressions safely.

JavaScript `

let fn = new Function("a", "b", "return a + b;"); console.log(fn(10, 20));

`

3. Using Object Property Access

For dynamic property evaluation, use bracket notation instead of eval().

JavaScript `

let obj = { language: "Hindi", spokenBy: "Millions" }; let key = "language"; console.log(obj[key]);

`

When to Avoid eval()

Avoid eval() in the following scenarios: